Analysis
-
max time kernel
41s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
05-12-2022 17:44
Static task
static1
Behavioral task
behavioral1
Sample
61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
-
Target
61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll
-
Size
281KB
-
MD5
2b32cc51f5495323f3c7c9cb2104f3c0
-
SHA1
73ad2476ee20bc7eb396f4c63d4719dcb2f7ae41
-
SHA256
61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890
-
SHA512
b042cf1316d0e10be4561fed13d5f65571b41a433b31a86ba2032c7c2938f3a37155a9751d5456ab0a848515e84ab0815ce575068f72bf4b0845f6a73b982dba
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0L:jDgtfRQUHPw06MoV2nwTBlhm8T
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description                      pid  Process       procid_target
PID 108 wrote to memory of 872   108  rundll32.exe  27
PID 108 wrote to memory of 872   108  rundll32.exe  27
PID 108 wrote to memory of 872   108  rundll32.exe  27
PID 108 wrote to memory of 872   108  rundll32.exe  27
PID 108 wrote to memory of 872   108  rundll32.exe  27
PID 108 wrote to memory of 872   108  rundll32.exe  27
PID 108 wrote to memory of 872   108  rundll32.exe  27
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:108 -
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\61e54146b40606e836398d3ece39b764c6bb5be428e5b589fa54134a1a45c890.dll,#12⤵ PID:872
-