Analysis
max time kernel: 237s
max time network: 336s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29-11-2022 15:08
Behavioral task: behavioral1
Sample: 2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll
Resource: win7-20221111-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
2 signatures
150 seconds
General
Target: 2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll
Size: 1.3MB
MD5: 8a5667fea0602f8c99968ff0488e20db
SHA1: b29a8f2f1106cd21e6596d9248ec23714b016b76
SHA256: 2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04
SHA512: fa54e204e045f0b82ca0e5ca57d7f5c239672c39e68783c3c224d81b74acf19a9a437523b93ccee7468424c0e5ca7592916583b732bd9caa87687af55640b4a4
SSDEEP: 24576:ySuhSc+1GPFXxCWDb0OfdXAMYdj1ObWNt1y8CQ2a+YYQjb:Hm+12/DhVAnB19NKf1Qjb
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
PID 1184 wrote to memory of 1768 | 1184 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2238f13df4b8030df3c4dc6c528587cf0a0fcace5c66d54e8bfb4f492000de04.dll,#12