Analysis
max time kernel: 28s
max time network: 32s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 11-05-2023 01:28
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: sneakyboris.dll
Resource: win7-20230220-en
1 signatures
150 seconds
General
Target: sneakyboris.dll
Size: 899KB
MD5: ca2f9b47bbb7d59a2a108be4eb01fe5a
SHA1: 25faba56b6087c64e14c4fb0c204ed9f45f230d0
SHA256: fc3e6c67d824970f52cbc4c85a18ddf6f03afe3d5af5279c633b02c0b96f2ae0
SHA512: 3e236c17ed14950aa5584688682c9bd451bebeb5a69de41e77a26fd93d51cdd040d7339c5b895e86ba1208bfdf52ba992ccfc12a4876fee2df9a60ff4e6a0e46
SSDEEP: 24576:sHA2XMYABs772W/8vLc/9sgR+OVnh8gt42vCkzeztwPOfQWy5UuxVFLqsl:UMYABC8vLc/2jA8gpUuxVFLq6
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description                         pid   Process       procid_target
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27
PID 1076 wrote to memory of 1752    1076  rundll32.exe  27