Analysis
- max time kernel: 48s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 05-12-2022 12:23
Static task: static1
Behavioral task: behavioral1
- Sample: 14820c1b16103aeba4dafc3c6162abe2b9f314d41f485302d32d7d1e78fb6dff.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 14820c1b16103aeba4dafc3c6162abe2b9f314d41f485302d32d7d1e78fb6dff.dll
- Resource: win10v2004-20221111-en
General
- Target: 14820c1b16103aeba4dafc3c6162abe2b9f314d41f485302d32d7d1e78fb6dff.dll
- Size: 184KB
- MD5: df7fdcb524d820f1ac50c53fa28a0b5d
- SHA1: 23b695963c78a86293f91d6e3a040ded1037f136
- SHA256: 14820c1b16103aeba4dafc3c6162abe2b9f314d41f485302d32d7d1e78fb6dff
- SHA512: 5590756fb9b24a87739202851344ef58d87275a65a879a8041e709df40ccb2a439389329cb4411e5f86c51fc2820693c6b012d1a5b9da585289ba406e05ae76c
- SSDEEP: 3072:qiuSbh0jymLioo95WBoQDxa85a7+Md2Q8tyvB4bXAoJsA42dianL5M4vks7adms0:5WjymLioorWBfDY8Yrd2Q8tyvPoixlSP
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
  PID 2024 wrote to memory of 1216 | 2024 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14820c1b16103aeba4dafc3c6162abe2b9f314d41f485302d32d7d1e78fb6dff.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2024
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\14820c1b16103aeba4dafc3c6162abe2b9f314d41f485302d32d7d1e78fb6dff.dll,#1
    PID: 1216