Analysis
max time kernel: 46s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 29-11-2022 20:23
Static task: static1
Behavioral task: behavioral1
Sample: d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll
Resource: win7-20220901-en (windows7-x64)
3 signatures
150 seconds
General
Target: d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll
Size: 1.5MB
MD5: da9b94d6b5623d26a75121c3292439df
SHA1: fdc9f765bb454e26c1e542f787f62cd37ed7fe99
SHA256: d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff
SHA512: f993d29051035465ccfd3c91bb329c5cb0cd496cdcfe1fab37f3ecefc2a300927e84d486746da5765f76207b4b8c70a57b61b328f8bd2c9fa3a50dd758b307cb
SSDEEP: 24576:d7mGHd3AJapUt7yTD1BSDriDJJqDL3Q5qAQgtMl0DT5OsT5tiCfsK7QNR9qb0zXQ:d7vHNHyefuXSJJqDbRDgtM6ROsOCflK/
Score: 8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes: rundll32.exe (flow 2, PID 1344)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: rundll32.exe (PID 1344)
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: PID 1204 rundll32.exe wrote to memory of PID 1344 rundll32.exe (7 events, target process rundll32.exe)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#1
    - Blocklisted process makes network request
    - Suspicious use of SetWindowsHookEx