Analysis
- max time kernel: 77s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 05-12-2022 05:22
Static task: static1
Behavioral task: behavioral1
- Sample: 5812fd07c00eae84647ae2f065dcc64d60d59e08a218be2f3322cf6ec7d91d3e.dll
- Resource: win7-20221111-en (windows7-x64)
- 2 signatures
- 150 seconds
General
- Target: 5812fd07c00eae84647ae2f065dcc64d60d59e08a218be2f3322cf6ec7d91d3e.dll
- Size: 357KB
- MD5: 7e52e65b3563902830b964ba4197958f
- SHA1: 6444152508aff131a55bc4189e4b1f5b4c03c010
- SHA256: 5812fd07c00eae84647ae2f065dcc64d60d59e08a218be2f3322cf6ec7d91d3e
- SHA512: ae8c6900191f56ffbe8a3c517a955a5a3f1d47478344fa66f40363b5a12db6b2bf27e125face02cd16abeb15e128058e9ecb7e7faf6e857cf9d1b056796a72dd
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0z:jDgtfRQUHPw06MoV2nwTBlhm8r
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
  | PID 668 wrote to memory of 1680 | 668 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5812fd07c00eae84647ae2f065dcc64d60d59e08a218be2f3322cf6ec7d91d3e.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5812fd07c00eae84647ae2f065dcc64d60d59e08a218be2f3322cf6ec7d91d3e.dll,#12