Analysis
-
max time kernel
41s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
07-12-2022 05:22
Static task
static1
Behavioral task
behavioral1
Sample
CX.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
CX.lnk
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
friskingly/classics.cmd
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
friskingly/classics.cmd
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
friskingly/reformism.cmd
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
friskingly/reformism.cmd
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
friskingly/titivating.dll
Resource
win7-20220812-en
Behavioral task
behavioral8
Sample
friskingly/titivating.dll
Resource
win10v2004-20221111-en
General
-
Target
friskingly/titivating.dll
-
Size
599KB
-
MD5
b18962586238e5a713b8a9dda2928ac6
-
SHA1
5e14559daeb93083171d8d4e3bc63ebb72b88e6e
-
SHA256
97a3cb32f891f0d01251c307356a5e89a71ebc9af24fde703f8e04aae24a72d4
-
SHA512
240aeddce61725162a292a6e33668eb2e67a86a448f57cb9bafef94f419b26277577af6ebd6e4825ad54d131d60f9d619b0fa6dd5f1ba63d78600ba854f17cf2
-
SSDEEP
12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpy20ZsGOIBrupfJ:W+hnXWi+2pZG40P6nIBrUJ
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid    process        target process
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 1428   1044   rundll32.exe   rundll32.exe