Analysis
max time kernel: 27s
max time network: 32s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 05-07-2023 14:41
Behavioral task: behavioral1
Sample: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll
Resource: win10v2004-20230703-en
General
Target: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll
Size: 8.1MB
MD5: c572870e8a4063bab041896c19a60216
SHA1: 995b43af8156390e7dd5922944accf29f5a06b4c
SHA256: 1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867
SHA512: 0c291013be8454e536c1027532901477a1c3c0eeeefb2d8ce8c4af9b023e535ca5ca1d3e0f4843042c945718e03daf9ba287b77e7909a4f4303ebf68d778e2ad
SSDEEP: 49152:cSFiqWJFY83N7qsH1Gsi2naMQTCBFYpNit4xkq7CqfaJDJka1E79y2zkl:ErJ1nVGOatTWCpN16A9DQl
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
PID 740 wrote to memory of 1936 | 740 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe (PID: 740)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID: 1936)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ea570b62dc7c7fe52ff5655217ec452004d899b7a907b7838489869b7422867.dll,#1