Analysis
- max time kernel: 36s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 02-12-2022 10:56
Static task: static1
Behavioral task: behavioral1, Sample: 12663 Dec 01.lnk, Resource: win7-20220901-en
Behavioral task: behavioral2, Sample: 12663 Dec 01.lnk, Resource: win10v2004-20220901-en
Behavioral task: behavioral3, Sample: 349.dll, Resource: win7-20220812-en
Behavioral task: behavioral4, Sample: 349.dll, Resource: win10v2004-20220812-en
General
- Target: 349.dll
- Size: 600KB
- MD5: 1e8c4b625a5456a9c1f5db0081848a1f
- SHA1: 61e310ca58ea6393c36a42e6d7ac550d818b439c
- SHA256: 2d147dd83ddc3b3662219c204e2a16025f7512d9a1727c0d651dced791226aab
- SHA512: 11efad410f770c8a3e3e960e039f21b5580670fe7f0c21729c2d8ca28419f7ae5c98ef5c6f8ab4afdc00fdf78d7510bc5d5f3fdf42e2680066632a61dfb80d5b
- SSDEEP: 12288:QSUUEfo5I6/o2qgkpUdK9Msme0CWUdOWk4F:QSTiWDvLyRme0C0Wk4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory: 7 IoCs
Processes: rundll32.exe
description                         pid    process        target process
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe
PID 1160 wrote to memory of 1892    1160   rundll32.exe   rundll32.exe