Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 28/02/2023, 00:53
Static task: static1
Behavioral task: behavioral1
Sample: boris_is_back_in_town.dll
Resource: win7-20230220-en
1 signatures
150 seconds
General
Target: boris_is_back_in_town.dll
Size: 595KB
MD5: aed7110a64e1a7be0cda22a92c43bab3
SHA1: 6ea4805f92a9c2a8205977c774649522a7f7e00a
SHA256: ff0730a8693c2dea990402e8f5ba3f9a9c61df76602bc6d076ddbc3034d473c0
SHA512: fa339d91ab8b90ab17466f3d908e8605bef35bdc9348e72f98e1a2440bebb9259cbc7a82b4fe49afe42fc7b67f1cd5f879b5c0c8c21ed49e6877a8654da846ed
SSDEEP: 12288:dt1VOakzj7hpQynG+6g1zJACP406bvcgW+oYfu+3:dt/xk37hyyzl1BP4fto6u+3
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28
PID 1676 wrote to memory of 1364   1676   rundll32.exe   28