Analysis
max time kernel: 20s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 02-12-2022 02:19
Static task: static1
Behavioral task: behavioral1
  Sample: 00203 Dec 01.lnk
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 00203 Dec 01.lnk
  Resource: win10v2004-20220901-en
Behavioral task: behavioral3
  Sample: 1099.dll
  Resource: win7-20221111-en
Behavioral task: behavioral4
  Sample: 1099.dll
  Resource: win10v2004-20220812-en
General
Target: 1099.dll
Size: 600KB
MD5: 7270877051f4ce89a7067c6bb2f9268b
SHA1: a12170aea707e2185692c429e2972b819acc9cc3
SHA256: ad2ca74575501e503a5ca929529d3e2d19c94d464657203891dd80e1a20365bb
SHA512: c25bcf7d513230ab6192649b379723bd82f794f7bf703ed1f2d18acb53795a2673859d11eb8ba6cd80696e2e85d3ecb9988b07496fbb10d1ef951bc21952eecb
SSDEEP: 12288:QSUUEfo5I6/o2qgkpUd99Msme0CWUdOWk4F:QSTiWDvLBRme0C0Wk4
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                         pid    process        target process
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe
PID 1876 wrote to memory of 1664    1876   rundll32.exe   rundll32.exe