Analysis
max time kernel: 44s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 05:24
Static task: static1
Behavioral task: behavioral1
Sample: b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll
Resource: win10v2004-20220812-en
General
Target: b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll
Size: 30KB
MD5: d873ae66a13bfd41b5044f2401c589f0
SHA1: f3d032bd5572adce061872dec7b12d711cbe4acb
SHA256: b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f
SHA512: 0ce241772c7a6a8a7a32456c246e314f32e5d418c3ab59a4497ee68efe03d07979dda435344a0057013372ff13c5219b84e4e49be08443ea68c8ba5aaec3600c
SSDEEP: 96:DBxUt5T0t/4bmkmKUk+NIlXadkvNOm4YDfnJZoMMMMMMMMMMMMMXMMMMMMMMMMMl:VRRQmkmHk+NIlKa1O0xMtMNwbHEcvT
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
PID 1600 wrote to memory of 1812   1600   rundll32.exe   27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1600
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ffd0fdef2b815a92a81be12cf68f5aaa5ff8fd14552924b0babcfe5528dd4f.dll,#12⤵
PID:1812