Analysis
max time kernel: 1s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 03/12/2022, 23:18
Static task: static1
Behavioral task: behavioral1
  Sample: 1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll
  Resource: win10v2004-20221111-en
General
Target: 1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll
Size: 4KB
MD5: ae5eec84237a696d990259892bdda560
SHA1: aa1e6408c3e472b86193827868a8c7127144032f
SHA256: 1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b
SHA512: 6a5254a6f5bbb3b01de92643e085432c67f512a817d92ce8d0868f6d57216002833c9c35bf9985b3e980106c1e65f14d60883b57ea425e0ad8fadfc463803b05
SSDEEP: 48:a5zdM1cSTBg0r27vTuAEKq2wl+wosa8Gq2uJ23amhmsXx:PT3r2vu9l2wFHWq2/Rh
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                      pid   Process       procid_target
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
PID 1216 wrote to memory of 948  1216  rundll32.exe  27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll,#11
PID: 1216
Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e2d955bcdbd8cfd9c25b68427b12de6cc2b404301bf6a06e97a5ec3feec155b.dll,#12
PID: 948