Analysis
- max time kernel: 40s
- max time network: 43s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 14-02-2023 21:26
Behavioral task
behavioral1
Sample
06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll
Resource
win10v2004-20220812-en
General
- Target: 06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll
- Size: 693KB
- MD5: 428a0c855cc1c1a37ca105bc4ffbc745
- SHA1: 9b231fb573ea9cd5c219cbc48f7e8ca07e38daf0
- SHA256: 06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97
- SHA512: 56188adc8a0647989df48c357d4fb9dc6056361d4c2d5755cc76d80c97683a0598afeff192528f8ad2f6a16696153e2e4680d2c5d05e6307bb320b3ca4d3e517
- SSDEEP: 12288:ZqNyulBgOrv0WUwDqjUi+/0N6XVy2BkBM6LfdFSI5jpsrcjxIRuTswtQSRESdgVH:ZqNdnrv0UmdgF4uAdFr1OrcvYEbYocEu
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description  pid  process  target process
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
  PID 1096 wrote to memory of 1476  1096  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1096
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\06603297e1278da1e1b03771d6c5e352acbf9b514a7c94561f893ff89c901f97.dll,#1
    PID:1476