Analysis
max time kernel: 29s
max time network: 32s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 20-03-2023 20:01
Behavioral task: behavioral1
Sample: a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60_explorer.exe_0x5a0000-0x21000.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60_explorer.exe_0x5a0000-0x21000.dll
Resource: win10v2004-20230221-en
General
Target: a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60_explorer.exe_0x5a0000-0x21000.dll
Size: 132KB
MD5: e6ddbc30e5c5c549483158b7280d699d
SHA1: ee54ed8e3fdb6f7d4099cb8661b1f419f4ffe378
SHA256: 03f2a3543dbb6f663838d64550c2e7d17c06ac1a12772d66304480215e530540
SHA512: 9562415b5785c86f79971de605f13d54999dc3d37ec649f743703785287a1942c997b75652e207b62daa3f6c826ad8a94dd9adb5b76f0cb5810da79c04863e68
SSDEEP: 1536:SSEJ2QcCJjqUkL1HatV5MDsZgxx04bv+NhZw+t9HNDqFXrv4iCnToIf7IOuh7tAT:vEPcCdqGMDsZ+vDOuFbhOTBftuh7Ow
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
PID 1920 wrote to memory of 2032 | 1920 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60_explorer.exe_0x5a0000-0x21000.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a16db0d2025dff39a4a0de4071ce0e73c6810ab497453ad67c16ba0980385f60_explorer.exe_0x5a0000-0x21000.dll,#1