Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 26-10-2023 06:02
Static task: static1
Behavioral task: behavioral1
  Sample: 295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d.dll
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d.dll
  Resource: win10v2004-20231023-en
General
Target: 295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d.dll
Size: 271KB
MD5: fa7d98ef21b82974207437ba36d1125a
SHA1: d14b875d28762852460c6bc941d4f0f0209bdb30
SHA256: 295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d
SHA512: e55e25c05755b60722982fcfbdd5952e753839e0701f763f353225d1bdbe044eede5522ed72c9114d0e37996d9f9437fc7449e7cdf53f72763058a0d49054201
SSDEEP: 6144:MEzp4qIDRd6EqFmcCBk9LHZEPSZ/Of626BioBRXFsjf3FOUXzsezZOi:1zp4qIDqRi8ZEatP26BzzU
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)
  description                          pid   process       target process
  PID 3024 set thread context of 1196  3024  rundll32.exe  notepad.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   process       target process
  PID 3024 wrote to memory of 1196  3024  rundll32.exe  notepad.exe
  PID 3024 wrote to memory of 1196  3024  rundll32.exe  notepad.exe
  PID 3024 wrote to memory of 1196  3024  rundll32.exe  notepad.exe
  PID 3024 wrote to memory of 1196  3024  rundll32.exe  notepad.exe
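Read together, the two signatures are the classic pairing of a loader injecting into a freshly spawned host: rundll32.exe loads the sample DLL and calls its export ordinal #1, starts notepad.exe, writes into it four times and then calls SetThreadContext on it. The Python below is an added example, not part of the sandbox report, showing how a detection engineer would correlate the two event types into a single finding instead of alerting on each API call separately. The input lines are constructed to mirror the layout of the report's signature rows; the function and column names are this example's own.

```python
"""Correlate cross-process WriteProcessMemory and SetThreadContext events
into process-injection candidates.

Added example, not part of the sandbox report. The input lines below are
constructed to mirror the wording of the report's signature rows; the
function and column names are this example's own."""
import re
from collections import defaultdict

# Constructed sample events. Rows 1-5 mirror the report's two signatures
# (four writes plus one SetThreadContext, rundll32.exe -> notepad.exe);
# rows 6-7 are added noise: a self-write and a write with no context change.
SAMPLE_EVENTS = """\
PID 3024 wrote to memory of 1196 3024 rundll32.exe notepad.exe
PID 3024 wrote to memory of 1196 3024 rundll32.exe notepad.exe
PID 3024 wrote to memory of 1196 3024 rundll32.exe notepad.exe
PID 3024 wrote to memory of 1196 3024 rundll32.exe notepad.exe
PID 3024 set thread context of 1196 3024 rundll32.exe notepad.exe
PID 1196 wrote to memory of 1196 1196 notepad.exe notepad.exe
PID 4000 wrote to memory of 4020 4000 explorer.exe svchost.exe
"""

# Columns as laid out in the report: description | pid | process | target process
EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<action>wrote to memory of|set thread context of) "
    r"(?P<dst>\d+) (?P<pid>\d+) (?P<proc>\S+) (?P<target>\S+)$"
)


def parse_events(text):
    """Yield (src_pid, action, dst_pid, src_proc, dst_proc) for each well-formed line."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised event line: {line!r}")
        if int(m["pid"]) != int(m["src"]):
            # The PID in the description and the pid column must agree;
            # a mismatch means the row was damaged in extraction.
            raise ValueError(f"pid columns disagree: {line!r}")
        yield int(m["src"]), m["action"], int(m["dst"]), m["proc"], m["target"]


def correlate(text):
    """Group cross-process events by (source pid, target pid).

    Self-writes (a process touching its own memory) are dropped: they are
    normal for loaders and unpackers and say nothing about injection.
    """
    pairs = defaultdict(lambda: {"writes": 0, "set_context": 0})
    for src, action, dst, proc, target in parse_events(text):
        if src == dst:
            continue
        entry = pairs[(src, dst)]
        entry["src_proc"] = proc
        entry["dst_proc"] = target
        if action == "wrote to memory of":
            entry["writes"] += 1
        else:
            entry["set_context"] += 1
    return dict(pairs)


def injection_candidates(text):
    """Return pairs that both wrote into a foreign process and redirected one
    of its threads. A write alone is weaker evidence (debuggers, some
    installers) and is left out here, but it stays visible in correlate()."""
    out = []
    for (src, dst), e in sorted(correlate(text).items(), key=lambda kv: kv[0]):
        if e["writes"] >= 1 and e["set_context"] >= 1:
            out.append((e["src_proc"], src, e["dst_proc"], dst,
                        e["writes"], e["set_context"]))
    return out


if __name__ == "__main__":
    for c in injection_candidates(SAMPLE_EVENTS):
        print("injection candidate: %s (%d) -> %s (%d): "
              "%d writes, %d SetThreadContext" % c)
```

On an endpoint the equivalent telemetry is Sysmon Event ID 10 (ProcessAccess) with a GrantedAccess mask that includes PROCESS_VM_WRITE (0x0020) and PROCESS_VM_OPERATION (0x0008) against a process the source did not have to touch. SetThreadContext-based hijacking does not produce Event ID 8 (CreateRemoteThread), so a rule keyed only on remote thread creation would miss what this report shows. The report's rows carry no address or size for the writes, which is why the correlation above keys on the count and on the pairing with the context change rather than on what was written.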
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\295fed0d36a76d8473a2b5ad22548b3264f0f72ed410105b05bdaae1cde0de5d.dll,#1
  PID: 3024
  signatures: Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
  └─ C:\Windows\system32\notepad.exe
       command line: notepad.exe
       PID: 1196