Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20231020-en
resource tags: arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system
submitted: 03-11-2023 19:55
Static task: static1

Behavioral task: behavioral1
Sample: 99a6bbe99264009d6dc1db0fb334dfb605d1d0c5cb55e05d65b695d9949320c1.dll
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: 99a6bbe99264009d6dc1db0fb334dfb605d1d0c5cb55e05d65b695d9949320c1.dll
Resource: win10v2004-20231023-en
General
Target: 99a6bbe99264009d6dc1db0fb334dfb605d1d0c5cb55e05d65b695d9949320c1.dll
Size: 2.1MB
MD5: 7a0ffc930334f045d754c4f72f760c3a
SHA1: 17d81741d09390e51db9ff4774d92cb76f88967c
SHA256: 99a6bbe99264009d6dc1db0fb334dfb605d1d0c5cb55e05d65b695d9949320c1
SHA512: af7e0850149a8e2b596f964a3f8e47e711948015fa783486f18b23717461fd9e05b93cb538fac05e5653018076cccaa218f461090d3dc67d04ecc2bd0d4f8136
SSDEEP: 49152:vcz84B8m/mJoQAXJmQmEfZOkNPSTqcRjRTDpJMMLe:k7qm/eMc6PSTqEL5a
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
PID 2448 wrote to memory of 2460 | 2448 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a6bbe99264009d6dc1db0fb334dfb605d1d0c5cb55e05d65b695d9949320c1.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 2448
C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99a6bbe99264009d6dc1db0fb334dfb605d1d0c5cb55e05d65b695d9949320c1.dll,#12
  PID: 2460