Analysis
- max time kernel: 141s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22/12/2023, 02:06
Behavioral task: behavioral1
- Sample: 4f72edc93c9aa593c9c724dd9ee2a0c5.dll
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 4f72edc93c9aa593c9c724dd9ee2a0c5.dll
- Resource: win10v2004-20231215-en
- 2 signatures
- 150 seconds
General
- Target: 4f72edc93c9aa593c9c724dd9ee2a0c5.dll
- Size: 748KB
- MD5: 4f72edc93c9aa593c9c724dd9ee2a0c5
- SHA1: 77e1541befe7ffaa72d6dfdc6dd328d27965b1e6
- SHA256: 370c712dd759ed8920ea8f60e4a0fcecd11a8cfa8642fb4c9e4f7df3ab05c107
- SHA512: f728efee7993bae408791261c7190648107a19d55e14b330b69f89e28c441c0fff3ad137a1fcd8e890618ba2b201e49b3dc6962e3a65630c615169d46277de64
- SSDEEP: 12288:krTmzUHgoZ4wcY6mN9ELoGd/VVz7V8KEpKIeyqEJtK8UeJixjFNehis3bKy:6IUH0wx6mN9ELH/TF8K2KBydJgPxQ+y

Score: 7/10
Malware Config

Signatures

YARA rule hits
  resource                                                                    yara_rule
  behavioral1/memory/2400-0-0x0000000000A30000-0x0000000000BE9000-memory.dmp  vmprotect
  behavioral1/memory/2400-1-0x0000000000A30000-0x0000000000BE9000-memory.dmp  vmprotect
  behavioral1/memory/2400-2-0x0000000000A30000-0x0000000000BE9000-memory.dmp  vmprotect
  behavioral1/memory/2400-3-0x0000000000A30000-0x0000000000BE9000-memory.dmp  vmprotect

Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 3016 wrote to memory of 2400  3016  rundll32.exe  28
  (this same row is recorded seven times in the report)
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1
   PID: 3016
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1
      PID: 2400
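The two signatures above are easier to judge once they are tied together by PID. The process tree shows the 64-bit System32 rundll32.exe (3016) starting the SysWOW64 rundll32.exe (2400) with byte-identical arguments, which is what rundll32 does when handed a 32-bit DLL (the resource tags include arch:x86), and every WriteProcessMemory IoC is the parent writing into that freshly created child rather than into an unrelated process. The vmprotect YARA hits, meanwhile, are all on dumps of PID 2400, the process that actually loaded the DLL, and the dumped region (0xA30000-0xBE9000) is larger than the 748KB file on disk. The script below is an added example, not part of the report or of the sandbox's own tooling; it parses the report's signature rows and process tree as they appear on this page (copied in as string constants, with the tree depth hand-transcribed from the numbered entries) and produces those findings. The row formats, the "WOW64 relaunch" classification and the hollowing hint are the author's assumptions about how to read this report, not sandbox output.

```python
"""Tie a sandbox report's YARA memory hits, WriteProcessMemory IoCs and process
tree together. Added example; input is copied from this report's tables."""
import re
from collections import Counter

# Signature rows as they appear on this page (one flattened line each).
YARA_LINE = (
    "behavioral1/memory/2400-0-0x0000000000A30000-0x0000000000BE9000-memory.dmp vmprotect "
    "behavioral1/memory/2400-1-0x0000000000A30000-0x0000000000BE9000-memory.dmp vmprotect "
    "behavioral1/memory/2400-2-0x0000000000A30000-0x0000000000BE9000-memory.dmp vmprotect "
    "behavioral1/memory/2400-3-0x0000000000A30000-0x0000000000BE9000-memory.dmp vmprotect"
)
WPM_LINE = " ".join(["PID 3016 wrote to memory of 2400 3016 rundll32.exe 28"] * 7)
FILE_SIZE = 748 * 1024  # "Size: 748KB" from the General table

# Process tree as (image, command line, depth, pid); depth transcribed from the
# numbered entries in the Processes section (assumption: depth N+1 is a child
# of the nearest preceding depth-N entry).
PROCESSES = [
    (r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1", 1, 3016),
    (r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1", 2, 2400),
]

YARA_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<snap>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)")
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<pid>\d+) (?P<proc>\S+) (?P<target>\d+)")


def parse_yara_hits(text):
    """One record per memory-dump YARA match: which pid, which snapshot, region size, rule."""
    hits = []
    for m in YARA_RE.finditer(text):
        start, end = int(m["start"], 16), int(m["end"], 16)
        hits.append({"task": m["task"], "pid": int(m["pid"]), "snapshot": int(m["snap"]),
                     "start": start, "end": end, "size": end - start, "rule": m["rule"]})
    return hits


def parse_wpm_iocs(text):
    """Collapse repeated WriteProcessMemory rows into (src_pid, dst_pid, process) -> count."""
    return Counter((int(m["src"]), int(m["dst"]), m["proc"]) for m in WPM_RE.finditer(text))


def build_tree(processes):
    """Map child pid -> parent pid from the depth column (None for a root)."""
    parent, stack = {}, []
    for _image, _cmd, depth, pid in processes:
        del stack[depth - 1:]  # drop everything at this depth or deeper
        parent[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parent


def is_wow64_relaunch(src, dst, processes):
    """System32 rundll32 -> SysWOW64 rundll32 with the same arguments (32-bit DLL hand-off)."""
    by_pid = {pid: (image, cmd) for image, cmd, _depth, pid in processes}
    if src not in by_pid or dst not in by_pid:
        return False
    (simg, scmd), (dimg, dcmd) = by_pid[src], by_pid[dst]
    return (simg.lower().endswith(r"\system32\rundll32.exe")
            and dimg.lower().endswith(r"\syswow64\rundll32.exe")
            and scmd.lower() == dcmd.lower())


def assess(yara_text, wpm_text, processes, file_size):
    """Analyst-facing findings: classify each cross-process write, then summarise YARA hits per pid."""
    parent = build_tree(processes)
    findings = []
    for (src, dst, proc), n in parse_wpm_iocs(wpm_text).items():
        if parent.get(dst) == src and is_wow64_relaunch(src, dst, processes):
            findings.append(f"{proc} {src} -> child {dst}: {n} writes, WOW64 relaunch (expected for a 32-bit DLL)")
        elif parent.get(dst) == src:
            findings.append(f"{proc} {src} -> child {dst}: {n} writes into own child (check for hollowing)")
        else:
            findings.append(f"{proc} {src} -> {dst}: {n} writes into unrelated process (injection)")
    hits = parse_yara_hits(yara_text)
    for pid in sorted({h["pid"] for h in hits}):
        rules = sorted({h["rule"] for h in hits if h["pid"] == pid})
        size = max(h["size"] for h in hits if h["pid"] == pid)
        findings.append(f"pid {pid}: {', '.join(rules)} in {size:#x} bytes mapped (file on disk {file_size:#x})")
    return findings


if __name__ == "__main__":
    for line in assess(YARA_LINE, WPM_LINE, PROCESSES, FILE_SIZE):
        print(line)
```

Run as-is it reports the 7 writes as the parent populating its WOW64 child and the vmprotect hits as living in PID 2400's 0x1b9000-byte region; pointing the same regexes at a report where the destination pid is not a child of the writer is what turns the same IoC into an injection finding.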