Analysis
- max time kernel: 19s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 26-11-2022 04:06
Static task: static1
Behavioral task: behavioral1
- Sample: 318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
- Resource: win10v2004-20221111-en
General
- Target: 318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
- Size: 92KB
- MD5: 0eb8fc81bf46bc4335590cc55ac48d61
- SHA1: 15c6500c0a25ef1bb49a38a2df933d89760b4a9b
- SHA256: 318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381
- SHA512: 0edfd5047dbdc697abd5cc9d4c1d1be1b5de76f020db46ec1862eb07e3008ff6a4fa515580cac6d8dbb2bcfd493c35a5945f377ea2d52db4730126f905856101
- SSDEEP: 1536:yey7v0e15WPnM2tJjK2SCE58ecuuGsFZD6QXHhAk/tDLeV:yeyr/15eVKbCEBuGsFZDzXBAk/tDLeV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description | pid | process | target process
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
  PID 1788 wrote to memory of 2040 | 1788 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#12⤵