Analysis
max time kernel: 46s
max time network: 49s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 27/11/2022, 06:59
Static task: static1
Behavioral task: behavioral1
Sample: 6b3918dc8505625b1863379c1761c356d5fc19b5c51cd097260f3e90894dee26.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 6b3918dc8505625b1863379c1761c356d5fc19b5c51cd097260f3e90894dee26.dll
Resource: win10v2004-20221111-en
General
Target: 6b3918dc8505625b1863379c1761c356d5fc19b5c51cd097260f3e90894dee26.dll
Size: 492KB
MD5: d20cd238d4a70eb0b9adceade47bb65b
SHA1: cbe38ce78a75b4a2b83c99874054aa11d034ba8f
SHA256: 6b3918dc8505625b1863379c1761c356d5fc19b5c51cd097260f3e90894dee26
SHA512: e5fa7670ce18bfe189fd1631091977797223ab41dbf91e051fd6f2bf9b9dcce289904549075ac07263fdbcb0911d118118112f6bb0de2cbe31fd794ea68ca196
SSDEEP: 12288:HOTSbGbeNeoPMT+BWamiZxq/aml7QUYJDQCp7:uGS8eoMiZxdmlY1QC
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
PID 1460 wrote to memory of 880 | 1460 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b3918dc8505625b1863379c1761c356d5fc19b5c51cd097260f3e90894dee26.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1460
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b3918dc8505625b1863379c1761c356d5fc19b5c51cd097260f3e90894dee26.dll,#1
    PID: 880