Analysis
-
max time kernel
19s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
02-12-2022 05:56
Behavioral task
behavioral1
Sample
c85c9a757fbc11abaa17d170ddb42e56296535124c599d73b8ec08a461d66fbb.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c85c9a757fbc11abaa17d170ddb42e56296535124c599d73b8ec08a461d66fbb.dll
Resource
win10v2004-20220901-en
General
-
Target
c85c9a757fbc11abaa17d170ddb42e56296535124c599d73b8ec08a461d66fbb.dll
-
Size
852KB
-
MD5
3f11a675c47b11037d1cb7bfb1489ec2
-
SHA1
144b59c4172e625c0ea1131899ba9f709fdc00b3
-
SHA256
c85c9a757fbc11abaa17d170ddb42e56296535124c599d73b8ec08a461d66fbb
-
SHA512
7d2f7be2bfa778cd297cc1dd9e3761556c67fdef69569766e099abc0de9c4da2a8a34b5ecf3b3a30b4457688413e866324d6dfacc1414439832880aaf08c958c
-
SSDEEP
12288:pFUwNfJA0k7rThTjApT4u7H3PhGAtWhYj09fPSds0QCS8ShpQ36mm36vFgnQBVa/:8wcTxTjAF4c1Qq36mmquQBVy
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid   process       target process
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
PID 1956 wrote to memory of 960    1956  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c85c9a757fbc11abaa17d170ddb42e56296535124c599d73b8ec08a461d66fbb.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c85c9a757fbc11abaa17d170ddb42e56296535124c599d73b8ec08a461d66fbb.dll,#12⤵