Analysis
-
max time kernel
123s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
25-11-2022 12:40
Static task
static1
Behavioral task
behavioral1
Sample
07006f5d4430d620a425ced9b4f6efb25e6158cdaa8caccb2981a7baa58a229a.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
07006f5d4430d620a425ced9b4f6efb25e6158cdaa8caccb2981a7baa58a229a.dll
Resource
win10v2004-20220812-en
General
-
Target
07006f5d4430d620a425ced9b4f6efb25e6158cdaa8caccb2981a7baa58a229a.dll
-
Size
832KB
-
MD5
a80a0f9e99ad572e91f1e77edfca4159
-
SHA1
da8e3caedfd70741acccce7cefccc289dd611da1
-
SHA256
07006f5d4430d620a425ced9b4f6efb25e6158cdaa8caccb2981a7baa58a229a
-
SHA512
6d4dd0971dcaed240afcf8263b8445082315628dfc9b443a80ca7b647c6a9e1b213305e81c92449a14e1ebd63bcbc75c39198d44aeae6b5ae9cebcad631f2bfc
-
SSDEEP
12288:UETdn9ZimUi6iIBfQJ9NpM9Agy5CagSaJoZBRHX68888888888888W888888888f:LnVUi6FlQJ9N+9AgZrJoZvq
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
rundll32.exe
pid | process
1360 | rundll32.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
PID 1372 wrote to memory of 1360 | 1372 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07006f5d4430d620a425ced9b4f6efb25e6158cdaa8caccb2981a7baa58a229a.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07006f5d4430d620a425ced9b4f6efb25e6158cdaa8caccb2981a7baa58a229a.dll,#12
- Suspicious behavior: EnumeratesProcesses