Analysis
- max time kernel: 28s
- max time network: 31s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
- submitted: 08-03-2023 01:55
Behavioral task
behavioral1
Sample
ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc.dll
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
5 signatures
150 seconds
General
- Target: ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc.dll
- Size: 164KB
- MD5: f0c97dcb65a030a214f6dd33cf4a8566
- SHA1: b23175fa1d3989baa2e3d8b5c7192554c24abf18
- SHA256: ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc
- SHA512: 24d7963631784357c4615ef94cecda9caaf47bc33896d6c897da324d55bda70713da4957f82ead8764f82cf6af1b5d9c8d3ad015fe3354694e9c331abbb67485
- SSDEEP: 3072:AZPM0OGdUKV10OTed7/kBazzFbULOHOiPyH53ZV6:AZPMnGZVyO6F/M4qyPU53Z
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 2028 | 1084 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed49b23df7defab3df933c778183b12c019ab253330090f214f4bb5c2f89bcbc.dll,#12