Analysis
max time kernel: 122s
max time network: 131s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 15-10-2023 15:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
dac78d292e458aa9110548122dba3820_dll32_JC.dll
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
General
Target: dac78d292e458aa9110548122dba3820_dll32_JC.dll
Size: 186KB
MD5: dac78d292e458aa9110548122dba3820
SHA1: a0e7763d31a1a4e39f3598f6a5a3b5239c358873
SHA256: 37b46b7e38d3bd9323533db6c1acf09292f973f9a84eef810c182aedd99c9ae1
SHA512: f320061232d24b5cdee797786c6834b4fe7ed83d606f58592704cd500f90130ea80e0e8c476ee04983826eed425a8972d8a3e9be033e21ff16c0596d8f64123d
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0B:jDgtfRQUHPw06MoV2nwTBlhm85
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                          pid    Process        procid_target
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
PID 2552 wrote to memory of 1892     2552   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac78d292e458aa9110548122dba3820_dll32_JC.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2552
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dac78d292e458aa9110548122dba3820_dll32_JC.dll,#12⤵
PID:1892