Analysis
max time kernel: 2s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 02-12-2022 02:42
Static task: static1
Behavioral task: behavioral1
Sample: f47f436364234ec9b38efb1b581d7c251464f7f56667d648af13b98318becbb7.dll
Resource: win7-20221111-en
2 signatures
150 seconds
General
Target: f47f436364234ec9b38efb1b581d7c251464f7f56667d648af13b98318becbb7.dll
Size: 379KB
MD5: 3f535a9bfc21fd547bbcb3a0f2771000
SHA1: 94fba08f53e729d5cf0e2c7b691121634e7f3623
SHA256: f47f436364234ec9b38efb1b581d7c251464f7f56667d648af13b98318becbb7
SHA512: cee618e3d36c4a327fa04014556b9f9aa6a8bffb54a6dd593d5a9e5b306ad82aaafe21dd50e0ad9b729d0d874f650fad1240c9b70d627f3866c168a9bd3d208e
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0s:jDgtfRQUHPw06MoV2nwTBlhm8E
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
PID 1948 wrote to memory of 964 | 1948 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f47f436364234ec9b38efb1b581d7c251464f7f56667d648af13b98318becbb7.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1948

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f47f436364234ec9b38efb1b581d7c251464f7f56667d648af13b98318becbb7.dll,#12
PID: 964