Analysis

max time kernel: 124s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 08/02/2023, 18:27

Static task: static1
Behavioral task: behavioral1
Sample: 1cfd78420793c0fafebf0f4e1a09c1ff.dll
Resource: win7-20221111-en
2 signatures
150 seconds
General

Target: 1cfd78420793c0fafebf0f4e1a09c1ff.dll
Size: 1.2MB
MD5: 1cfd78420793c0fafebf0f4e1a09c1ff
SHA1: 8c6df311b3f42ffab51df0d411cefae923ef0929
SHA256: 329501486d4922ccf3a28e8ecf0046151e7106dc31ea6df33670d0d15d10cf54
SHA512: 1f4a85c4186a31c3e20f6e7dbffcf25fbf7f7587b782c3009013d643f1abcb27f2c79778a1587cb4b0ceff14327451d1b0a08ef2eef2ade94baa45f7a94dc182
SSDEEP: 24576:BB++leR75eeScNFG0tUDWlmulwI49SnymKLRd:BMseR7IexXM/ulRAsURd
Malware Config
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid    Process        procid_target
PID 1176 wrote to memory of 1716   1176   rundll32.exe   28

The same event is recorded seven times. The writer, PID 1176, is the 64-bit C:\Windows\system32\rundll32.exe; the target, PID 1716, is its own child C:\Windows\SysWOW64\rundll32.exe, started with an identical command line (see Processes). On x64 Windows the 64-bit rundll32.exe re-launches its SysWOW64 copy when the DLL it is handed is 32-bit, and the parent writes into the new child's address space as part of ordinary process creation. This generic signature is therefore consistent with the sample being a 32-bit DLL loaded through the WOW64 relaunch; the report shows no write from either rundll32.exe into an unrelated process.
Processes

C:\Windows\system32\rundll32.exe  (PID 1176)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#1
  (loads the sample from the user's Temp directory and calls export ordinal #1)
  Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe  (PID 1716, child of 1176)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#1
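The process tree above is the classic rundll32-to-rundll32 pattern that analysts have to separate from real injection. The following script is an added example, not part of the sandbox report or its tooling: it parses rundll32 command lines into DLL path and export (name or #ordinal), flags DLLs loaded from user-writable locations, and distinguishes the expected system32 to SysWOW64 relaunch (parent writing into its own identically-launched child) from a WriteProcessMemory toward any other process. The process records and the write list are constructed to mirror the report; PID 2001 (explorer.exe) and the parent PID 900 are hypothetical additions so that the negative case is exercised, and the list of user-writable path markers is an assumption to adjust per environment.

```python
"""Triage a rundll32 process tree (added example, constructed data)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# rundll32.exe <dll>,<entry> [args]; <entry> is an export name or "#<ordinal>".
RUNDLL32_RE = re.compile(
    r'^"?(?:[^"\s]*\\)?rundll32\.exe"?\s+"?(?P<dll>.+?)"?\s*,\s*'
    r'(?P<entry>[^\s,]+)(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)

# Assumed markers for locations an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\windows\\temp\\")


@dataclass(frozen=True)
class RunDll:
    dll: str
    entry: str   # export name or "#<ordinal>"
    args: str

    @property
    def ordinal(self) -> Optional[int]:
        m = re.fullmatch(r"#(\d+)", self.entry)
        return int(m.group(1)) if m else None


def parse_rundll32(cmdline: str) -> Optional[RunDll]:
    """Return the DLL/export pair from a rundll32 command line, or None if it is not one."""
    m = RUNDLL32_RE.match(cmdline.strip())
    return RunDll(m["dll"], m["entry"], m["args"] or "") if m else None


def from_user_writable_path(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


def is_wow64_relaunch(parent: Proc, child: Proc) -> bool:
    """64-bit rundll32 given a 32-bit DLL re-executes the SysWOW64 copy with the same
    command line; the parent's memory writes into that child are process creation,
    not injection into a foreign process."""
    if child.ppid != parent.pid:
        return False
    if not parent.image.lower().endswith("\\system32\\rundll32.exe"):
        return False
    if not child.image.lower().endswith("\\syswow64\\rundll32.exe"):
        return False
    a, b = parse_rundll32(parent.cmdline), parse_rundll32(child.cmdline)
    return (a is not None and b is not None
            and a.dll.lower() == b.dll.lower() and a.entry.lower() == b.entry.lower())


def triage(procs: List[Proc], writes: List[Tuple[int, int]]) -> List[dict]:
    """Produce findings: rundll32 loading user-path DLLs, plus every (src, dst) memory
    write classified as the benign WOW64 relaunch or a cross-process write."""
    by_pid = {p.pid: p for p in procs}
    findings: List[dict] = []
    for p in procs:
        call = parse_rundll32(p.cmdline)
        if call and from_user_writable_path(call.dll):
            findings.append({"kind": "rundll32_user_dll", "pid": p.pid, "dll": call.dll,
                             "entry": call.entry, "ordinal": call.ordinal})
    for (src, dst), n in Counter(writes).items():   # collapse repeated identical IoCs
        s, d = by_pid.get(src), by_pid.get(dst)
        if s and d and is_wow64_relaunch(s, d):
            findings.append({"kind": "wow64_relaunch", "src": src, "dst": dst, "writes": n})
        else:
            findings.append({"kind": "cross_process_write", "src": src, "dst": dst,
                             "writes": n, "target_image": d.image if d else None})
    return findings


# Constructed from the report's process tree; PID 900 and PID 2001 are hypothetical.
DLL = r"C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll"
SAMPLE_PROCS = [
    Proc(1176, 900, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(1716, 1176, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(2001, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
]
# Seven parent->child writes as in the report, plus one hypothetical write into explorer.exe.
SAMPLE_WRITES = [(1176, 1716)] * 7 + [(1716, 2001)]

if __name__ == "__main__":
    for f in triage(SAMPLE_PROCS, SAMPLE_WRITES):
        print(f)
```

Run against the report's own data the script reports both rundll32 instances loading a DLL from AppData\Local\Temp with export ordinal 1 and classifies the seven writes as the WOW64 relaunch; only the constructed write into explorer.exe comes out as a cross-process write worth escalating.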