Analysis
max time kernel: 28s
max time network: 31s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 28/02/2023, 01:28
Static task: static1
Behavioral task: behavioral1
Sample: fucking_boris.dll
Resource: win7-20230220-en
1 signatures
150 seconds
General
Target: fucking_boris.dll
Size: 591KB
MD5: 749a3198473b85952856ba37e0ef72d3
SHA1: b6c320720454aacd53a27e99aa52d91e09e24486
SHA256: f712b101ab81e66b70ff977f33a860a52128b94165e7c8813a9b042b67a2fbf7
SHA512: 51279a508b3b93c3ebdfb3d66d08cf686835b9afca904b77d35697b9c264895cf8b6e9f053faafc54c941bb07376b85b30b0e29740ce5eb472cb7921d1691a96
SSDEEP: 12288:dt1VOakzj7hpQynG+6g1zJACP406bvcgW+oJfu+3:dt/xk37hyyzl1BP4fto9u+3
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid   Process       procid_target
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28
PID 1992 wrote to memory of 2004   1992  rundll32.exe  28