Analysis
- max time kernel: 28s
- max time network: 31s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
- submitted: 30-05-2023 02:41
Behavioral task
behavioral1
Sample
8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
Resource
win10v2004-20230220-en
General
- Target: 8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
- Size: 105KB
- MD5: fe9c8e7f7ce274b5096a81ad2dfccc15
- SHA1: 0a5b892c907413300a8f249bfba51624f2552b16
- SHA256: 8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573
- SHA512: 7a01ec7d754c5b2a9e5e7bd7fa0340237d2498b8d903d12c6718ff7271a2916c9f740b5c408f387f1b809596bf9e545ec8b051479b7f4f882192812b8f6b3ef9
- SSDEEP: 1536:S8IyWVObZzMIOP8GVRigfij7ZdFeePAhhnMcKWSb4lWy3VoY:S8IyYObxROP8GVkgfiPZrLPGnMcwubF
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
PID 2044 wrote to memory of 2036 | 2044 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll,#12⤵