Analysis
max time kernel: 24s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 29-11-2022 12:54
Static task
static1
Behavioral task
behavioral1
Sample
749a0eb81a7fb2c9f1bcac521be52b63fc01d7f28ec93a422cd924e0c76d9778.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: 749a0eb81a7fb2c9f1bcac521be52b63fc01d7f28ec93a422cd924e0c76d9778.dll
Size: 249KB
MD5: 6988b6d11cb1427fe3380a024bc99d16
SHA1: 72f908656fe4d17c4e79b2b0c5355e5a173d6f18
SHA256: 749a0eb81a7fb2c9f1bcac521be52b63fc01d7f28ec93a422cd924e0c76d9778
SHA512: 742e73def3d691e1b88b064be296cd9e62a9e43eb737a4083824e596bd5bd6e073adcbec3584d5851bd0f928ed2b818e37c374029ae15524bcd774c62dc2a025
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0k:jDgtfRQUHPw06MoV2nwTBlhm8M
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\749a0eb81a7fb2c9f1bcac521be52b63fc01d7f28ec93a422cd924e0c76d9778.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1932
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\749a0eb81a7fb2c9f1bcac521be52b63fc01d7f28ec93a422cd924e0c76d9778.dll,#12⤵
PID:2008