Analysis
- max time kernel: 29s
- max time network: 32s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 29-03-2023 10:14
Behavioral task: behavioral1
- Sample: 8a2bb36ea9171bea14f14b79e564717f481d09107888bf172788d7276945c817.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 8a2bb36ea9171bea14f14b79e564717f481d09107888bf172788d7276945c817.dll
- Resource: win10v2004-20230220-en
General
- Target: 8a2bb36ea9171bea14f14b79e564717f481d09107888bf172788d7276945c817.dll
- Size: 2.1MB
- MD5: 0c086e0c8f80733ddf36c12fe1c5e7fa
- SHA1: 1dc7bf64e6b2f415100c16c445118531c55458ca
- SHA256: 8a2bb36ea9171bea14f14b79e564717f481d09107888bf172788d7276945c817
- SHA512: 13bff62d0b7dbb20ed5db327421900769cc0b8d480c857ea1d63e69b7f4461b51fe7fd02c07062058bca04f6dac92cd32073d64f820adef008c66a86440d433f
- SSDEEP: 49152:5sOCiKQTEnsLEXiZWK1Ug3iMZE2JrqmRAIB5OON5mVnwP2xJ6ycbSE5eiAUl:5fiCE9K5yIA0LmVnwO76BHF
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
  PID 1244 wrote to memory of 1200 | 1244 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a2bb36ea9171bea14f14b79e564717f481d09107888bf172788d7276945c817.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1244
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a2bb36ea9171bea14f14b79e564717f481d09107888bf172788d7276945c817.dll,#1
    PID: 1200