Analysis
- max time kernel: 239s
- max time network: 332s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 01-12-2022 10:19
Behavioral task: behavioral1
- Sample: 60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll
- Resource: win10v2004-20221111-en
General
- Target: 60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll
- Size: 367KB
- MD5: 0ffc98ec767f93e0a9cd06a4c95be330
- SHA1: adedd82d5b3163903edc3abc238ccd5901208634
- SHA256: 60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632
- SHA512: 5db3fa85ac13aaef52a5148af25a0466d7eff7f297abac19aee97200be7efd039e6f4d7186d55c112b95c79ba0ed95d554fe1b019925ca77397c1296215f2fe4
- SSDEEP: 6144:zNZCrlwwWfYfK1cicTUDzmO1AwO1wpefav3y5j36/vgyi7KNTtRlTxy:WJwwWfQK1WOOwpef6638vi7u9A
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description: PID 752 wrote to memory of 1488 | pid: 752 | process: rundll32.exe | target process: rundll32.exe (7 identical entries)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60ea1f7375bdf1e3eb11a4ac5a9045e86ed7a6d3ee39622bc5b13857340cb632.dll,#12