Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
submitted: 16-08-2023 03:39
Static task: static1
Behavioral task: behavioral1
Sample: 19fa235384d46e649c95eeabb96342c02904c9362ca594c094e003244a0ca6a0.dll
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 19fa235384d46e649c95eeabb96342c02904c9362ca594c094e003244a0ca6a0.dll
Resource: win10v2004-20230703-en
General
Target: 19fa235384d46e649c95eeabb96342c02904c9362ca594c094e003244a0ca6a0.dll
Size: 908KB
MD5: 07f060ee04948d2a58ce471040e96ca4
SHA1: cb4bcb1c32b3692ba3ad32f09b708e57f9b5d6fd
SHA256: 19fa235384d46e649c95eeabb96342c02904c9362ca594c094e003244a0ca6a0
SHA512: 81b91fdbbffd62e19a7216b87007c0562252f7d1f057a5b15569d81f139765750b7c26721db22ffa8056c54688bc88fcea541cd2e95cbd494aa3c952b3506da8
SSDEEP: 12288:nr8h68Zvh5reVA7r051oAQmj0tjzrAUcrF/h8WTqgeyXJI3fZ:rePZhn0rormj0tEU0FpdTgCJQfZ
Malware Config
Signatures
Suspicious use of SetWindowsHookEx 1 IoCs
pid     Process
2488    rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
description                         pid     Process         procid_target
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
PID 2580 wrote to memory of 2488    2580    rundll32.exe    28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19fa235384d46e649c95eeabb96342c02904c9362ca594c094e003244a0ca6a0.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2580
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19fa235384d46e649c95eeabb96342c02904c9362ca594c094e003244a0ca6a0.dll,#12
- Suspicious use of SetWindowsHookEx
PID: 2488