Analysis
max time kernel: 118s
max time network: 124s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 23/09/2023, 05:45
Static task: static1

Behavioral task: behavioral1
Sample: a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll
Resource: win10v2004-20230915-en
General
Target: a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll
Size: 2.1MB
MD5: 40fccf82b1d556ab14cd986a5a057750
SHA1: cb7e5c3187d0e01d42a6da94502911189e38b04d
SHA256: a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585
SHA512: 4c9826365f572954782201a9785fd85c42920509a54cac4d9cebece5a6fa071d1fc63bbca2889d945a1b102aecf6a7eb317769e7834d4125f6518184723271a6
SSDEEP: 49152:vcz84B8m/mJ+QAXJmImEfZOkNPSTqctjRTDpJMM9:k7qm/wMciPSTqsL59
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
PID 2688 wrote to memory of 2328 | 2688 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2688
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a96e3143887ce923ae1382efac93a095947452fad8cba692958f9a6ac6998585.dll,#12
  PID: 2328