Analysis
- max time kernel: 143s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 06-12-2022 21:46
Behavioral task: behavioral1
- Sample: ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll
- Resource: win7-20220812-en (windows7-x64)
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll
- Resource: win10v2004-20221111-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll
- Size: 352KB
- MD5: 13218edf2f62787a2777b44096844c5b
- SHA1: 911a723e438e13eb82f487efd35ad5e3016da081
- SHA256: ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1
- SHA512: 0ae5dab7e465668984c385b04c8266fd451fbb76e37c47752cb1dae86720a5ce6f2bb259d2946ecee604595c8600210d5a14f452d2ff7921a2710690857d7eae
- SSDEEP: 6144:5mA4uETOaBZLlHN3Xm0JkHXiPEamA4uETOaBZLlHN3Xm0JkHXiPEP:5F4kaBZNhXRuSPJF4kaBZNhXRuSPQ
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
  PID 1780 wrote to memory of 536 | 1780 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed9f814effdebe9ab5af52959bdfa543f236a485a333b9defd94749780275ec1.dll,#12⤵
  PID:536