Analysis
max time kernel: 118s
max time network: 199s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 18-11-2023 05:17
Behavioral task: behavioral1
Sample: B950169921D1437CEF4A85778CD81636.dll
Resource: win7-20231023-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: B950169921D1437CEF4A85778CD81636.dll
Resource: win10v2004-20231020-en
2 signatures
150 seconds
General
Target: B950169921D1437CEF4A85778CD81636.dll
Size: 30KB
MD5: b950169921d1437cef4a85778cd81636
SHA1: 3d20b1c6f93029ab557819efd1f32afc25ac1e88
SHA256: da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c
SHA512: d0b87c1a119ba712c8b85fcb442286133320ec03df589276106987f2947ebbc603dfabaad7e2efbec4998067ef508f1c12bbc5a54502097665315a7b9ba9cf70
SSDEEP: 768:Ugj98hSEzIOxO+OZWBaFWsBC7wU6LPLoEf73Wud9BdoJrZmZEMb+:Z0IOxO+OZWBGWsB+w93L39BdoD
Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request (1 IoCs)
Processes:
rundll32.exe
flow  pid   process
2     2792  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description                       pid   process       target process
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
PID 2776 wrote to memory of 2792  2776  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\B950169921D1437CEF4A85778CD81636.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2776
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\B950169921D1437CEF4A85778CD81636.dll,#12
- Blocklisted process makes network request
PID: 2792