Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 12-06-2023 20:48
Behavioral task: behavioral1
Sample: 170fa3692896e87d91cf221cfadebc056f5255f52c454ceb7c9f41696c07ea0d.dll
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 170fa3692896e87d91cf221cfadebc056f5255f52c454ceb7c9f41696c07ea0d.dll
Resource: win10v2004-20230220-en
General
Target: 170fa3692896e87d91cf221cfadebc056f5255f52c454ceb7c9f41696c07ea0d.dll
Size: 695KB
MD5: d2413ee153ed88e3ea45518a27775306
SHA1: 381189246f13bea527e2654f394b9df98d7816de
SHA256: 170fa3692896e87d91cf221cfadebc056f5255f52c454ceb7c9f41696c07ea0d
SHA512: 08c4729d0e53dd87f7729c502b71dd8137b232424c52b4603c262ff62ad73c88e337a0f4cb5b49fea99180ec0a0590e244da2f797363c4fa40716de2ce8371bf
SSDEEP: 12288:9SCX0YI+/K9mwGk7H7WDPsPOYA14yu0fiWv/KYmp8nZkuDal0/WRiZf:9ShWeekzqLgVWv/Y4HDaEfZ
Malware Config
(none)

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                          | pid  | process      | target process
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1972     | 2008 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID: 2008)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\170fa3692896e87d91cf221cfadebc056f5255f52c454ceb7c9f41696c07ea0d.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID: 1972)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\170fa3692896e87d91cf221cfadebc056f5255f52c454ceb7c9f41696c07ea0d.dll,#1