Analysis
max time kernel: 26s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 05-12-2022 17:34
Static task: static1
Behavioral task: behavioral1
Sample: e326a4bc355e187429487d17f057a824f06c4f28eb3410dba2b8205b124fdbae.dll
Resource: win7-20221111-en
2 signatures
150 seconds
General
Target: e326a4bc355e187429487d17f057a824f06c4f28eb3410dba2b8205b124fdbae.dll
Size: 681KB
MD5: ebe260d301fa7f4c401b6aa7ad7c8d90
SHA1: dc1e9e2f8ad7ef4956320db8b2f7cb9bc87046c2
SHA256: e326a4bc355e187429487d17f057a824f06c4f28eb3410dba2b8205b124fdbae
SHA512: 9a2910507102f93ef1b3937e940ac6e8caf047663251cc7f88af468b1839c7a88c64cf482f1dd400514449810a62395db60ea17e65248b2508c0b374ab55704b
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0J:jDgtfRQUHPw06MoV2nwTBlhm8x
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 960 | 2040 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e326a4bc355e187429487d17f057a824f06c4f28eb3410dba2b8205b124fdbae.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e326a4bc355e187429487d17f057a824f06c4f28eb3410dba2b8205b124fdbae.dll,#12