Analysis
max time kernel: 39s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2022, 01:53
Static task: static1
Behavioral task: behavioral1
Sample: e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll
Resource: win10v2004-20220812-en
General
Target: e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll
Size: 91KB
MD5: 267e8b31ccfe39e5242839bfd3996d18
SHA1: 4afb41e7cc279413e3b71c5616ae64190546f714
SHA256: e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db
SHA512: 106bbaf10d65c733c116838feafb81ca82f1a49e91cb5ca394ace56a150e02ef1b5085f1f921336faa7fd1d3c8d51584313e2b478f65687775c3ce539c0d6b76
SSDEEP: 1536:/0qXQb7/Faistv9os2FM4ohv4lJcFwcqpxWjxNGHHAMWaxt5Z8JtP:7A7/siCvoFHohv4ewPpYjzGHHzWaxLOf
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
PID 1620 wrote to memory of 1744 | 1620 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1620
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\e022c1210739bad00c21c30b5ff2cd4733ba823d6d43725c949f6460cc0648db.dll,#12⤵
PID:1744