Analysis
max time kernel: 234s
max time network: 336s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 04-12-2022 15:43
Static task
static1
Behavioral task
behavioral1
Sample
3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll
Resource
win7-20221111-en
2 signatures
150 seconds
General
Target: 3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll
Size: 416KB
MD5: cdd717d12ae8e22e65585f31dff6a640
SHA1: 8d000d5119e709ac796496e17d496fa3397cc58b
SHA256: 3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3
SHA512: 8d0f6254e3427614a42dc3e29740b3944358c109c04aea7bf9a7dd684374097296b9cd5d413254eca06e91b7151acf4f118602d2c2018271d933081843e394d5
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDj:o6C5AXbMn7UI1FoV2gwTBlrIckPB
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid   process       target process
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
PID 1632 wrote to memory of 1172   1632  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll,#12