Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
12-11-2023 09:06
Static task
static1
Behavioral task
behavioral1
Sample
5118a5ff50d0e2faff7b0fe2f69362757486d6d43888174e330f44cf3e13db9c.dll
Resource
win7-20231023-en
windows7-x64
Behavioral task
behavioral2
Sample
5118a5ff50d0e2faff7b0fe2f69362757486d6d43888174e330f44cf3e13db9c.dll
Resource
win10v2004-20231020-en
windows10-2004-x64
General
-
Target
5118a5ff50d0e2faff7b0fe2f69362757486d6d43888174e330f44cf3e13db9c.dll
-
Size
1.0MB
-
MD5
9fe1d5469f01df93b343a97b0b3578d3
-
SHA1
a3d57de2e4e5a452d4a7b1a044ce3582b6924a8c
-
SHA256
5118a5ff50d0e2faff7b0fe2f69362757486d6d43888174e330f44cf3e13db9c
-
SHA512
bcad5646e24a001213348289b2dbd7535b88d03a7d603ace4e45b530ff068698a7cd24aa940fe49df9db6786dab0d02219b0b9a962328657895fbdae19e454ae
-
SSDEEP
12288:d2MUmOG5O9l2ocle47k6CZLCgHHAzl2ZkG5tTIXaORE3aA:d2MUmxLocl37UZLCqHolkdIXaORE3aA
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 45 IoCs
pid Process 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe 3036 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2988 wrote to memory of 3036 2988 rundll32.exe 28 PID 2988 wrote to memory of 3036 2988 rundll32.exe 28 PID 2988 wrote to memory of 3036 2988 rundll32.exe 28 PID 2988 wrote to memory of 3036 2988 rundll32.exe 28 PID 2988 wrote to memory of 3036 2988 rundll32.exe 28 PID 2988 wrote to memory of 3036 2988 rundll32.exe 28 PID 2988 wrote to memory of 3036 2988 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5118a5ff50d0e2faff7b0fe2f69362757486d6d43888174e330f44cf3e13db9c.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2988 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5118a5ff50d0e2faff7b0fe2f69362757486d6d43888174e330f44cf3e13db9c.dll,#12⤵
- Suspicious use of SetWindowsHookEx
PID:3036
-