Analysis
max time kernel: 17s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 29-11-2022 06:22
Static task
static1
Behavioral task
behavioral1
Sample
73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll
Resource
win10v2004-20220901-en
General
Target: 73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll
Size: 187KB
MD5: c72802b4bc872eda30044245f0525f3a
SHA1: 1c8ce7e05b1ed4426e3c1430d738289fd7649d01
SHA256: 73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f
SHA512: 1d07be14ffceb1d4d334cab466532ee3e70fa6810f1803774599e72992e3522c889f1703437c4a29f708cb7eec7e3adeca49abbe4a438d9e65ed53b9a23130e8
SSDEEP: 3072:JskRfXL9xl4EWn0rx5ScAJ6gdznwb+VOos7d77s8Be/1DGhOQS5yTx9HKPln:zRD9Fx4cAJ6gxbVGRA/1DeOQ3K
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
PID 1956 wrote to memory of 960 | 1956 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll,#12