Analysis
max time kernel: 141s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2023 02:55
Behavioral task: behavioral1
Sample: 7f0a9d49db15899eee04c37b5afb5f97c2b37aa1129ff40c62dc58804014da92.dll
Resource: win7-20230220-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 7f0a9d49db15899eee04c37b5afb5f97c2b37aa1129ff40c62dc58804014da92.dll
Resource: win10v2004-20230220-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 7f0a9d49db15899eee04c37b5afb5f97c2b37aa1129ff40c62dc58804014da92.dll
Size: 1.7MB
MD5: 1497d8db6552acfe271b13748597672f
SHA1: 6d14e1a924d363cce2e686245ddd67c5832c650a
SHA256: 7f0a9d49db15899eee04c37b5afb5f97c2b37aa1129ff40c62dc58804014da92
SHA512: 6341ac4a70c487bf34d9850d0d03688dbb08e40bf48e2257cb9927d2ff0494accc3b5819e2b62942b79b4249559cedf87bc5e961f78f055a32caa63a944e938a
SSDEEP: 49152:8yt/qU37IUvOftm5I/KKxXWtml7+mTH7X:1tCS7IUv2ZGs5xH7X
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1280 wrote to memory of 4052 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 4052 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 4052 | 1280 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f0a9d49db15899eee04c37b5afb5f97c2b37aa1129ff40c62dc58804014da92.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1280
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f0a9d49db15899eee04c37b5afb5f97c2b37aa1129ff40c62dc58804014da92.dll,#1
    PID: 4052