Analysis
- Max time kernel: 8s
- Max time network: 46s
- Platform: windows7_x64
- Resource: win7-20220812-en
- Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- Submitted: 25-11-2022 19:46
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll
  - Resource: win10v2004-20220812-en
General
- Target: 79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll
- Size: 67KB
- MD5: 9fe364b483df847c8ce91390e01d6e18
- SHA1: ed43b79e045744e463494072b94c97e58b1b5712
- SHA256: 79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8
- SHA512: 2f7546af12944fb84fa0f66ad3f33c00a5f1ad235ef233e220ec4b4dda42b838c6f99b32a071308e8a5538e5d19032dce0ced07b796d3d563a704d8f5506744a
- SSDEEP: 1536:/mP56G4fEqmbL6IeL5X3j8RLjqrzdVKy20rzrv0ui:/mUGnbeIeL5HIljEnD20rvv0ui
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                     | pid  | process      | target process
  --------------------------------|------|--------------|---------------
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
  PID 2040 wrote to memory of 844 | 2040 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2040
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\79574588204ab06f22ec822a96ec8859f114dcbd0f200b24059827cd3b50e9e8.dll,#1
    PID: 844