Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230621-en -
resource tags
arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system -
submitted
24-06-2023 18:57
Behavioral task
behavioral1
Sample
5928c47fba851d5f724543fb9c07c901d807c610f15a1bf9ed31e7bcf02aaff1.dll
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
5928c47fba851d5f724543fb9c07c901d807c610f15a1bf9ed31e7bcf02aaff1.dll
Resource
win10v2004-20230621-en
General
-
Target
5928c47fba851d5f724543fb9c07c901d807c610f15a1bf9ed31e7bcf02aaff1.dll
-
Size
758KB
-
MD5
0c717549e3d81c6df2a7c6bd7a2bcaa7
-
SHA1
1cce5680b14a958237a6cf12a9119841a912062e
-
SHA256
5928c47fba851d5f724543fb9c07c901d807c610f15a1bf9ed31e7bcf02aaff1
-
SHA512
36842ce46813821c31cd132f72777ac212eab905cf7117f214df2ec6b5e6b05faa76c04b57a2e9c1871237b2711fad6bf387bcb0351dc09764b115cc7faf6dbd
-
SSDEEP
12288:B1SRTImvTyKC5zrtyliAL+0vcWE3KnxPClqbmgZFK/lGRgOUqmq9kR6lhKX87Qxe:B1yTImbyZfQ360ve3qP5bDFK/cRgOnmE
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe PID 2036 wrote to memory of 1108 2036 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5928c47fba851d5f724543fb9c07c901d807c610f15a1bf9ed31e7bcf02aaff1.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2036 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5928c47fba851d5f724543fb9c07c901d807c610f15a1bf9ed31e7bcf02aaff1.dll,#12⤵PID:1108