Analysis
max time kernel
20s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
12-02-2023 20:09
Behavioral task
behavioral1
Sample
46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll
Resource
win10v2004-20220812-en
General
Target
46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll
Size
1.3MB
MD5
e408643b442fb6c7c10c5304a9a38028
SHA1
e2d87ae4286037d332a3d83fc41a4f8e265c0551
SHA256
46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8
SHA512
8206994c0a5bdb81217af762fe0ad662a2e6d39aaf70f338a03a04cbcc55069646ea173b74d071eb56cd97961d8a53ff352c55bd0f6587319d8579d9611202db
SSDEEP
24576:hXkAqDNncmxzMjo2hgk/T+SKemGlP6XB4NHloWVjBK0qEyBzfKtWzuZjJ:hTqa63Wgk/TGefSCNKWt+EYimWt
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
PID 956 wrote to memory of 1520 | 956 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll,#11
Suspicious use of WriteProcessMemory
PID: 956
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46370e315afac3c23e1435c332bf8ab13ca4555c8d3ffb2cd73007559e1827e8.dll,#12
PID: 1520