Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 17-04-2024 19:30
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
General
Target: 22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll
Size: 515KB
MD5: 4213f5e7a5f1638f13a8a41652b5055e
SHA1: 7c10369c5efba5dd74377cb09c572ad6a1169519
SHA256: 22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7
SHA512: da90b88f951b40727bb0539172aac2d0d31a955a3dbb9b5dcf78cd98ce345cacb72952c45807f33b096ecd95a82723a0880a9bde4a05a464cb1d4bd9006da050
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0O:jDgtfRQUHPw06MoV2nwTBlhm8m
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
PID 2924 wrote to memory of 2940   2924   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll,#11
- Suspicious use of WriteProcessMemory
PID:2924
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22fec6cbf94378c83c02cc24d8cfae5f22e9ed60addbf8f9f2507b35b4d002f7.dll,#12
PID:2940