Analysis
-
max time kernel
32s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
08-06-2023 19:21
Behavioral task
behavioral1
Sample
fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll
Resource
win10v2004-20230220-en
General
-
Target
fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll
-
Size
270KB
-
MD5
ab97976283575b97b8f7dd42ae06b1a6
-
SHA1
57b18cfc80dec71a2429c800cdc79d7a767b3edb
-
SHA256
fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6
-
SHA512
83b32528ace4c001b71263ab2fcc6401e8eb3deb27f7930bd38b3655c908021a836c2092e23c3e2698312b68b5fd5378017000b5467a4ad1d386e91651ae70fb
-
SSDEEP
3072:t2BcpmO4BZbXs8vwEKj1SScXtbZu4fFQMjbwsttME5GvMkjVdRiydO4ypJ5:mcMO4ry1S5u4NTbvRskkjtiR4y1
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe PID 864 wrote to memory of 1680 864 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fec05df7d6930d3686a583a68a1b5974d512648edd6c7a5e40e1b153c28894e6.dll,#12⤵