Analysis
- max time kernel: 44s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 06-12-2022 13:30
Behavioral task
behavioral1
Sample
dcb5b85acf232b11fa5d7e196cb00a7e881c63da732e061ed95ae07db703c21b.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
dcb5b85acf232b11fa5d7e196cb00a7e881c63da732e061ed95ae07db703c21b.dll
Resource
win10v2004-20220901-en
General
- Target: dcb5b85acf232b11fa5d7e196cb00a7e881c63da732e061ed95ae07db703c21b.dll
- Size: 140KB
- MD5: 0826b5b7d0c788c7406cbd5bc9ac13bc
- SHA1: f777270f74e6331f03b96eb26e2c6d9aef789a03
- SHA256: dcb5b85acf232b11fa5d7e196cb00a7e881c63da732e061ed95ae07db703c21b
- SHA512: 72be8527c24df274b8c5d8fb22665b6b41d1b70de188e46afe5b83d94fa637ff302f5fa0ee31d62b4c3388944ea697586d39763a41e38be2ebed433c42cd9a96
- SSDEEP: 1536:jRpGpJRiQoFXQx7yjKEjwTP9TkEpIZpjI09sNNiOGK05BN2MJuKKTPS5bUBKyvLL:NApJRToUyjl+I1pjI09s7mKPBLG/l4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
  PID 1732 wrote to memory of 1188 | 1732 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb5b85acf232b11fa5d7e196cb00a7e881c63da732e061ed95ae07db703c21b.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb5b85acf232b11fa5d7e196cb00a7e881c63da732e061ed95ae07db703c21b.dll,#12
  PID:1188