Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system -
submitted
18-11-2023 10:29
Behavioral task
behavioral1
Sample
b2099bea8289dc360cbc73a62aa95d10daf9e0d0b2a3d774a59c0f23921ea87b.dll
Resource
win7-20231020-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
b2099bea8289dc360cbc73a62aa95d10daf9e0d0b2a3d774a59c0f23921ea87b.dll
Resource
win10v2004-20231020-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
b2099bea8289dc360cbc73a62aa95d10daf9e0d0b2a3d774a59c0f23921ea87b.dll
-
Size
899KB
-
MD5
d3218a3ae8490fc8879f655ded9d79f1
-
SHA1
9861946bf1e77b19a342432e45c18be4f55956d5
-
SHA256
b2099bea8289dc360cbc73a62aa95d10daf9e0d0b2a3d774a59c0f23921ea87b
-
SHA512
d6994904fbf51d53df13e624b2ed8b093e29f2b65a8e03f4617caa92b013a2fd5045db0754dea46d0ab3526398a26a6cdc95dd62904da81f102eaf79e53e3519
-
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX6:7wqd87V6
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process
2300 rundll32.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
PID 2508 wrote to memory of 2300 | 2508 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2099bea8289dc360cbc73a62aa95d10daf9e0d0b2a3d774a59c0f23921ea87b.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2099bea8289dc360cbc73a62aa95d10daf9e0d0b2a3d774a59c0f23921ea87b.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:2300
-