Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 03/11/2023, 05:43
Static task: static1
Behavioral task: behavioral1
Sample: 3239560b59a845bc8363336332fa54f7089a31575b477264368e5e37ef60f1ac.dll
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 3239560b59a845bc8363336332fa54f7089a31575b477264368e5e37ef60f1ac.dll
Resource: win10v2004-20231020-en
General
Target: 3239560b59a845bc8363336332fa54f7089a31575b477264368e5e37ef60f1ac.dll
Size: 4.5MB
MD5: ab90f9e87290c933f357ffcc9b5192f8
SHA1: ef79707b7428578128f505c73c2c8c36ed76f847
SHA256: 3239560b59a845bc8363336332fa54f7089a31575b477264368e5e37ef60f1ac
SHA512: 94d3f7f9b103664d3aca2a9269be08375d47fc9a248070bbd87427fa5777ca2b4e70155e7c1a999eb4176403910c73f5a5ff38bdf21282dcf66618061365aa04
SSDEEP: 49152:K7rvgZS5xj7isO+ux3hqypS2zaRkSNZKGTzfHYcgnBMwL1NOTdBPL86H1S:KWulxuBLQRHLTz/ZhRH
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                          pid   Process       procid_target
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
  PID 1580 wrote to memory of 1484     1580  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3239560b59a845bc8363336332fa54f7089a31575b477264368e5e37ef60f1ac.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 1580
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3239560b59a845bc8363336332fa54f7089a31575b477264368e5e37ef60f1ac.dll,#1
    PID: 1484