Analysis
-
max time kernel
29s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
01-06-2023 19:35
Behavioral task
behavioral1
Sample
3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
-
Target
3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll
-
Size
128KB
-
MD5
86be2e85b7dde6b50d6f39a42a188274
-
SHA1
8066a2e9b010fbc9e29aea806def8091d126e499
-
SHA256
3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026
-
SHA512
21d57b2e82d6d40192d274be0904eca2dc2afb6cb9abed8ef5d33a2167f6c6e274c877829a80c21c8378f8bcb6c14de1729410edb6b9a3bab7a885738f5e4da0
-
SSDEEP
3072:CwXImqM3deodCuXMRFaPj+2RqDazmmRBH65V3:Pp7RdO7N2w2zLMZ
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1228 | 1232 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffb17b6d1c393da291fdb1e3240481e984a2a6c6df8be88f3db59b913c24026.dll,#12