Analysis
max time kernel: 236s
max time network: 332s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 01-12-2022 08:42
Static task: static1
Behavioral task: behavioral1
Sample: a575d615df8bfbaa6ee4ce8967d86239ced7df713cffe97fa379f4555d506620.dll
Resource: win7-20221111-en, windows7-x64
2 signatures
150 seconds
General
Target: a575d615df8bfbaa6ee4ce8967d86239ced7df713cffe97fa379f4555d506620.dll
Size: 413KB
MD5: 42095a27c6261fa58973d2fd5a7544af
SHA1: 7a97ab6c0ff5749b02e1412f78d0376375192f82
SHA256: a575d615df8bfbaa6ee4ce8967d86239ced7df713cffe97fa379f4555d506620
SHA512: 77c9b1e542bfc1e2b4bd91b8bb2cda53daf2ea0cbbb615d640700fdcbfef510fc8d1d384b44637ebfaf06d64fca55776f252384f26850f6b1419df04db4be40c
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0A:jDgtfRQUHPw06MoV2nwTBlhm84
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
PID 1160 wrote to memory of 756 | 1160 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a575d615df8bfbaa6ee4ce8967d86239ced7df713cffe97fa379f4555d506620.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1160
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a575d615df8bfbaa6ee4ce8967d86239ced7df713cffe97fa379f4555d506620.dll,#12⤵
PID:756