Analysis
max time kernel: 28s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 27/11/2022, 19:17
Static task
static1
Behavioral task
behavioral1
Sample
43b6aad652a53570bc4c08dc09e2628bcfdcf15b117aa53a597adfac7355ea7a.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
43b6aad652a53570bc4c08dc09e2628bcfdcf15b117aa53a597adfac7355ea7a.dll
Resource
win10v2004-20220812-en
General
Target: 43b6aad652a53570bc4c08dc09e2628bcfdcf15b117aa53a597adfac7355ea7a.dll
Size: 248KB
MD5: 9d6495f396a60ff1ea6efcf9fb362ef0
SHA1: 2c1c0cfae320b93155d0a02ccd3ea7c7c8914af1
SHA256: 43b6aad652a53570bc4c08dc09e2628bcfdcf15b117aa53a597adfac7355ea7a
SHA512: 418c94003d65bb9e3ce7e812c5c598ed1245204375fa60df313c791b448d9b256e8be34d521eee7227b10b073744a7f83e2229e0eeda4e3005a756d1df50f6f5
SSDEEP: 3072:V+LOjHRo7qoWUowa9jQgG1sChZVGm5RYJ5RLVnG5zmbqbFbyaDZiL8vGZm1VY4Yj:BHe7qoWw3kaDULMemtE8oU9SA1+
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
PID 872 wrote to memory of 1360 | 872 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43b6aad652a53570bc4c08dc09e2628bcfdcf15b117aa53a597adfac7355ea7a.dll,#1
- Suspicious use of WriteProcessMemory
PID: 872
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43b6aad652a53570bc4c08dc09e2628bcfdcf15b117aa53a597adfac7355ea7a.dll,#1
PID: 1360