Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03-12-2022 23:47
Static task: static1
Behavioral task: behavioral1
Sample: d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll
Size: 299KB
MD5: 24a24158f68ccaa514bd4502f1ccf940
SHA1: c3a76de5b5e4980d70411d9e9da0f75e1eef13e3
SHA256: d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7
SHA512: b690745761b8b7f747faf934f2788d7d04b537739764822aa3dc69b67d1d9752f786acfabcdb9f8a0e3884ff3af677d8e1b4e81f5f0693f7aa052ea4ee43b4c3
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDR:o6C5AXbMn7UI1FoV2gwTBlrIckP7
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1692 | 1900 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll,#1