Analysis
max time kernel: 375s
max time network: 437s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 08/02/2023, 20:35
Static task: static1

Behavioral task: behavioral1
Sample: RunDLL-1.bat
Resource: win10-20220812-en

Behavioral task: behavioral2
Sample: RunDLL-1.bat
Resource: win7-20220812-en

Behavioral task: behavioral3
Sample: putty.dll
Resource: win10-20220812-en

Behavioral task: behavioral4
Sample: putty.dll
Resource: win7-20221111-en
General
Target: putty.dll
Size: 344KB
MD5: a4ed3d213af08f77fa8db0f1e04185fa
SHA1: 0501225f9347d61de2e3df21817a9f189c0dd76f
SHA256: 6991f1ee5f7b004d2d6ca5a166316b5f533907b13b767b6c390704aa78b36c21
SHA512: 25cf7599cd2ea580bfbaa6ad4bff44b6caa163a19701837f3ecab89b98120b1f953f9ef6ff64fcbbcaca0a137006b97e5ef8566bb3725b9fea835a4389817c12
SSDEEP: 6144:68HwSJZ88IKeVSi5CHvJITRTcKY+UC6vmtmHkRCfDg6vlIDAtYf3FawrI159A5:68HwSJG83i5CPqTCKY+cOOMAtYfweu5I
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target    Process         procid_target
5104   2392          WerFault.exe    66

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid     Process         procid_target
PID 2208 wrote to memory of 2392    2208    rundll32.exe    66
PID 2208 wrote to memory of 2392    2208    rundll32.exe    66
PID 2208 wrote to memory of 2392    2208    rundll32.exe    66
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\putty.dll,#1
   PID: 2208
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\putty.dll,#1
      PID: 2392
      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 636
         PID: 5104
         - Program crash