Analysis
max time kernel
29s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
03/12/2022, 03:55
Behavioral task
behavioral1
Sample
9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll
Resource
win10v2004-20220812-en
General
Target
9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll
Size
58KB
MD5
59f8af0ca067cafc36d272861285233f
SHA1
05dd08f29022435c3fefacbc63b2921a7987cefc
SHA256
9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe
SHA512
1170cd14f63d7cab76cb81ca42e2aa319171f77bb0a057d4d89c70acc783fae89974b5b4f2eb4b4abd825957b5fe3ac2c1962ff0716de80a72c8ec36fddb6ed5
SSDEEP
768:GbvLDaaMact8TtIgjhn/P2n+cDhTa/cxhFrMhYM/xYOtPqQodSKvZhZrwtpskVYM:evygjNhcOc34WtkMhBS2dzdwZ7eSUI
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
PID 112 wrote to memory of 1204 | 112 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll,#1
- Suspicious use of WriteProcessMemory
PID:112
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a8ff37558d679a9f8a03f24faee9cc7c874d31b667ae3bc9f6054c074a0f0fe.dll,#1
PID:1204