Analysis
- max time kernel: 45s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 29-11-2022 12:50

Static task: static1
Behavioral task: behavioral1
- Sample: cf9b4b9769c8634cfa0d47be91cd1f7a6ff0d717d105e6db9b1d23f04d5d5709.dll
- Resource: win7-20220901-en (windows7-x64)
- 2 signatures
- 150 seconds
General
- Target: cf9b4b9769c8634cfa0d47be91cd1f7a6ff0d717d105e6db9b1d23f04d5d5709.dll
- Size: 324KB
- MD5: b4a3b1e6c0ec6da0f026172ea91a3dc0
- SHA1: 701f011f57980e716b55c5cc771ce2232e01aee5
- SHA256: cf9b4b9769c8634cfa0d47be91cd1f7a6ff0d717d105e6db9b1d23f04d5d5709
- SHA512: ff5d7717fc9cf30d0d6be037e56b7b92531c9ff5494909842d507c307149721dc04ce626f061ec877e79ae34963e60001c345e3bec061ee5eeea3049aa1f219a
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0c:jDgtfRQUHPw06MoV2nwTBlhm8E
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description: PID 1368 wrote to memory of 1700 | pid: 1368 | process: rundll32.exe | target process: rundll32.exe
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe (PID 1368)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf9b4b9769c8634cfa0d47be91cd1f7a6ff0d717d105e6db9b1d23f04d5d5709.dll,#1
  - Suspicious use of WriteProcessMemory
  - child: C:\Windows\SysWOW64\rundll32.exe (PID 1700)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf9b4b9769c8634cfa0d47be91cd1f7a6ff0d717d105e6db9b1d23f04d5d5709.dll,#1