Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
12/10/2023, 02:36
Static task
static1
Behavioral task
behavioral1
Sample
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll
Resource
win10v2004-20230915-en
General
-
Target
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll
-
Size
51KB
-
MD5
05575ea25eeeef3c5b49a1d6a1496399
-
SHA1
ca83f5110f8663118b87f2d014ef64ca958879f4
-
SHA256
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a
-
SHA512
5d5ddba279afa1347941f066bc42d3ebd145fb61f220db7abcb16606ba08ecf135e20db7fc6fe0a8e6d9d78ddc6ea8c5db2bc54db0e2d948f0a5f5f221784771
-
SSDEEP
768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezysAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBdpMC6H
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
pid    Process
1736   rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
PID 2296 wrote to memory of 1736   2296   rundll32.exe   28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2296 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:1736
-