Analysis
max time kernel: 3s
max time network: 30s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 19:25
Static task: static1
Behavioral task: behavioral1
Sample: e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
Resource: win10v2004-20221111-en
General
Target: e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
Size: 463KB
MD5: 4fcc44f7047a7207004242dfc668eeef
SHA1: 41634bc2cecc41907b1e8a6499cb5471215e8b21
SHA256: e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f
SHA512: 537735a775258941e49400521e8b57af3289a3a8210be4bf059a6f2cf41a6f081d31df86021731283e92ff60bf4254520a57dd9541b261e3ff0293f4fff893a0
SSDEEP: 6144:bow6oBYWZ8141KE88G2SF3I1bnsKiUjH/aplFwssacHf0NWK3JDejb+smNSlh:D6o6WZ814XNVbsKn4wEcHoWqDejb+b4h
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Process: rundll32.exe
description                          pid   process       target process
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
PID 2032 wrote to memory of 1416     2032  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll,#1