Analysis
max time kernel: 30s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 08-06-2023 19:21
Behavioral task: behavioral1
Sample: e7684b2d2bb63eba30718eb543991925c6c9cf1cc41cc014df64ed0cfdaa7ad8.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: e7684b2d2bb63eba30718eb543991925c6c9cf1cc41cc014df64ed0cfdaa7ad8.dll
Resource: win10v2004-20230220-en
General
Target: e7684b2d2bb63eba30718eb543991925c6c9cf1cc41cc014df64ed0cfdaa7ad8.dll
Size: 460KB
MD5: e8e97043ac584afc203d2ffbf5672419
SHA1: 7cb28bbeb9489e4a147525cdfc80225281197a59
SHA256: e7684b2d2bb63eba30718eb543991925c6c9cf1cc41cc014df64ed0cfdaa7ad8
SHA512: 6cbc54f7347a4425de27fcd7af72f7d2cbd905259701cc8f42cb1d9ca2cb98dd8d73c81b62b5d2e39d60cab116f5f7ba1b62890198dadc6aeaee2b845b0366ec
SSDEEP: 6144:+P8Z95CA0hUxFtuY/beeCC+qIBBM5/UKi24xgY3OTLnmj1d7E5OHvCVrOczheE:wUuhUFtuYzeI+qIM/UKi24piijBH6Jt
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
PID 1268 wrote to memory of 2012 | 1268 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7684b2d2bb63eba30718eb543991925c6c9cf1cc41cc014df64ed0cfdaa7ad8.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7684b2d2bb63eba30718eb543991925c6c9cf1cc41cc014df64ed0cfdaa7ad8.dll,#1