Analysis
-
max time kernel
28s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
02-03-2023 22:02
Behavioral task
behavioral1
Sample
ac35aa097f4fe607388ff23d470e7982ace67eef8edba7dd6ded8a31db602e17.dll
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
ac35aa097f4fe607388ff23d470e7982ace67eef8edba7dd6ded8a31db602e17.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
ac35aa097f4fe607388ff23d470e7982ace67eef8edba7dd6ded8a31db602e17.dll
-
Size
2.6MB
-
MD5
f1980c447e2dba3950994d1b8be50552
-
SHA1
3e02e191e7be8f792a4c0927e8bc31b12b168dd6
-
SHA256
ac35aa097f4fe607388ff23d470e7982ace67eef8edba7dd6ded8a31db602e17
-
SHA512
96995c1667aa1aa44841ba508a96f4a819191859b962605e39bd4c059d9f3b9ffd3c6bc98ff27eeef577c405d4d5fbe8a240e989a1872344af5ff16ef2f4b973
-
SSDEEP
49152:t+dtb26Eb0Xgv8H6qIpP9cGe5NFcWGu0Qpbzr9mb1jLndxa77:Udc6Eb0ZaquB4NnXpbz4xY
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
PID 1388 wrote to memory of 832 | 1388 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac35aa097f4fe607388ff23d470e7982ace67eef8edba7dd6ded8a31db602e17.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac35aa097f4fe607388ff23d470e7982ace67eef8edba7dd6ded8a31db602e17.dll,#12⤵