Analysis
- max time kernel: 30s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
- submitted: 14-06-2023 19:53
Behavioral task
behavioral1
Sample
56b1eaf9a4882b48fbf52549366c28b01943b5ae0ed884f003542ee0b6f64400.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
56b1eaf9a4882b48fbf52549366c28b01943b5ae0ed884f003542ee0b6f64400.dll
Resource
win10v2004-20230220-en
General
- Target: 56b1eaf9a4882b48fbf52549366c28b01943b5ae0ed884f003542ee0b6f64400.dll
- Size: 172KB
- MD5: 6f42b33abc614c61c114133951cdd168
- SHA1: 5c739ac5c5edf3c3656eeb1c007a4d5770afca37
- SHA256: 56b1eaf9a4882b48fbf52549366c28b01943b5ae0ed884f003542ee0b6f64400
- SHA512: 531d841b5a8165cb7d6b1bcafa2bbe9b29aea8ac603ae6f038258e43f533de067a0bac599dba7fe337b5c3e3111f235c6bf8b752e0f90d6a9084a6e55f23a9d1
- SSDEEP: 3072:QWyfAiLdSnmsybei9iY/vQyf/vVTGYVWQnXxC5SrU+d0ywAjgth2bpa5puOG+q:VyfbYmsybtzl3vpG0R43f2bS
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
PID 820 wrote to memory of 1452 | 820 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56b1eaf9a4882b48fbf52549366c28b01943b5ae0ed884f003542ee0b6f64400.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56b1eaf9a4882b48fbf52549366c28b01943b5ae0ed884f003542ee0b6f64400.dll,#1