Analysis
max time kernel: 43s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 05-12-2022 12:17
Static task: static1
Behavioral task: behavioral1
Sample: 93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll
Resource: win10v2004-20220812-en
General
Target: 93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll
Size: 99KB
MD5: 505e9fab828bdae4af81b737aeca3d8b
SHA1: 85ff979bc1dfa1b968a3326d5ba44e62eb2a4864
SHA256: 93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1
SHA512: d16bfb667b6d695e61378f3fddf3f9fff999ce319d824107d9c9f4dc16914b188f625d410b430b52528dfacddd4d747ef7d5125e7de2291c3864d54bdafbc31c
SSDEEP: 1536:ScWV/1KFfw7ZlhOnBtBnE1sLa6zl6MvXsZUbPzS3OU+R5Ndss1hVPI:XFo7ZlAHBn/bl6M/sZePer+bN+s1DPI
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
PID 1096 wrote to memory of 984 | 1096 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1096
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93682b049342393773624d4a291000bf6222dc4188150d9a1f0553d763667ce1.dll,#12
PID: 984