Analysis
- max time kernel: 4s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 03-12-2022 11:29
Static task: static1
Behavioral task: behavioral1
- Sample: eee6ee1d9d495b8cf639ca796e13c4a73c50edc3fb050c4d8fca296551f3afcc.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: eee6ee1d9d495b8cf639ca796e13c4a73c50edc3fb050c4d8fca296551f3afcc.dll
- Resource: win10v2004-20220812-en
General
- Target: eee6ee1d9d495b8cf639ca796e13c4a73c50edc3fb050c4d8fca296551f3afcc.dll
- Size: 154KB
- MD5: e9f3191faf98d21df2ab73429222bffd
- SHA1: f7ce6a778e12e7e97fba600dafb941a46d49b522
- SHA256: eee6ee1d9d495b8cf639ca796e13c4a73c50edc3fb050c4d8fca296551f3afcc
- SHA512: cd0d49353719f1488d61a120afea9a20d76c48025e8ada8d93bb302a5af668db4c46782390624ee3fef02b269cd804efdd58e5e4a97b802b9403c6f2368a74ae
- SSDEEP: 3072:LEGvOyoqckW4JmUDTqZ1zEbrm9kmDNGrvSp/KjCHeIB+VAtDwGE9PYU:LEGWYWUk9ksYvW8CHPoVZ9r
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1724 wrote to memory of 528 | 1724 | rundll32.exe | 27
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\eee6ee1d9d495b8cf639ca796e13c4a73c50edc3fb050c4d8fca296551f3afcc.dll,#1
  PID: 1724
  Signature: Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\eee6ee1d9d495b8cf639ca796e13c4a73c50edc3fb050c4d8fca296551f3afcc.dll,#1
  PID: 528