Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 29-11-2022 06:21
Static task: static1
Behavioral task: behavioral1
- Sample: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
- Resource: win10v2004-20221111-en
General
- Target: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
- Size: 107KB
- MD5: 6a27d4ad6713af6f462720b0ac4fe2fd
- SHA1: 72e7ec6df89e73a3fd1549754ec66f4a4b75a4f7
- SHA256: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c
- SHA512: ebeebf65aa0ad4c24f93412d04f97e766b5f33acf747a332e95a4bf304388ca07c15b90409e38c2ed3035cd3db3a7eb09eb9698832b585b6009f14e28ab110e7
- SSDEEP: 3072:uHxeB8gqjA+V/Dh/SGGCMoqnL6gjB6XXh5Gpsnk:uoB8gq7VbhhlIL6g96Btk
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 756 | 1444 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll,#12