Analysis
max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
22/12/2023, 09:04
Behavioral task
behavioral1
Sample
7fb952136a2ca3f50bdf7a1a05dc6b6b.dll
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
7fb952136a2ca3f50bdf7a1a05dc6b6b.dll
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
Target
7fb952136a2ca3f50bdf7a1a05dc6b6b.dll
Size
748KB
MD5
7fb952136a2ca3f50bdf7a1a05dc6b6b
SHA1
fe372ffeb3b8c487a96c4e9669ae73b24d93994a
SHA256
02161e2ebc462a327c1f9723d16410959cc7b87da3671509981baeafe1456e6d
SHA512
ae37eaf1a1715ea4a7c9f78bb9b12d99565e645cac889969ab2f921c0a5b86d367f2f2346b3b0dae0d9835f9533f0481c8000980eaa5cf5a3c735bddf2f25817
SSDEEP
12288:PrTmzUHgoZ4wcY6mN9ELoGd/VVz7V8KEpKIeyqEJtK8UeJixjFNehis3bKy:fIUH0wx6mN9ELH/TF8K2KBydJgPxQ+y
Score
7/10
Malware Config
Signatures
YARA rule match: vmprotect (5 IoCs)
resource                                                                    yara_rule
behavioral1/memory/1040-0-0x0000000000850000-0x0000000000A09000-memory.dmp  vmprotect
behavioral1/memory/1040-1-0x0000000000850000-0x0000000000A09000-memory.dmp  vmprotect
behavioral1/memory/1040-2-0x0000000000850000-0x0000000000A09000-memory.dmp  vmprotect
behavioral1/memory/1040-4-0x0000000000850000-0x0000000000A09000-memory.dmp  vmprotect
behavioral1/memory/1040-5-0x0000000000850000-0x0000000000A09000-memory.dmp  vmprotect
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
PID 3060 wrote to memory of 1040   3060  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb952136a2ca3f50bdf7a1a05dc6b6b.dll,#1
  PID: 3060
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb952136a2ca3f50bdf7a1a05dc6b6b.dll,#1
    PID: 1040
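Two things in this report are worth checking before reading the process tree as injection: the sample is tagged arch:x86 as well as arch:x64, and the 64-bit rundll32.exe in system32 spawns a second rundll32.exe from SysWOW64 with the same command line. That parent/child pair is the normal behaviour of 64-bit rundll32 when handed a 32-bit DLL (it re-launches the 32-bit copy to host it), and the WriteProcessMemory hits are parent-to-child writes at process creation, which on their own are weak evidence of code injection; the in-memory vmprotect YARA match in PID 1040 is the more useful lead. The script below is an added example, not part of the sandbox report or its tooling: it verifies a local file against the hashes listed above, reads the PE machine type and section names (the .vmp0/.vmp1/.vmp2 section-name check is an on-disk heuristic for VMProtect, not the sandbox's memory rule), and maps the machine type to the rundll32 host that will end up loading it on 64-bit Windows. Because the sample itself is not on this page, build_minimal_pe constructs a stand-in header for demonstration; the hash check against REPORT_HASHES will only pass on the real 748KB file.

```python
import hashlib
import struct

# Hashes the sandbox report lists for 7fb952136a2ca3f50bdf7a1a05dc6b6b.dll.
REPORT_HASHES = {
    "md5": "7fb952136a2ca3f50bdf7a1a05dc6b6b",
    "sha1": "fe372ffeb3b8c487a96c4e9669ae73b24d93994a",
    "sha256": "02161e2ebc462a327c1f9723d16410959cc7b87da3671509981baeafe1456e6d",
    "sha512": "ae37eaf1a1715ea4a7c9f78bb9b12d99565e645cac889969ab2f921c0a5b86d3"
              "67f2f2346b3b0dae0d9835f9533f0481c8000980eaa5cf5a3c735bddf2f25817",
}

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "arm", 0xAA64: "arm64"}
IMAGE_FILE_DLL = 0x2000
# Section names VMProtect typically emits. This is an on-disk heuristic added here;
# it is not the sandbox's in-memory "vmprotect" YARA rule.
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}


def hash_file_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match result; every entry must be True or this is not the reported sample."""
    actual = hash_file_bytes(data)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


def parse_pe(data: bytes) -> dict:
    """Return machine type, DLL flag and section names from a PE image (raises on malformed input)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsect, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sect_off = pe_off + 4 + 20 + opt_size                     # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = data[sect_off + i * 40: sect_off + i * 40 + 8]  # 40-byte section header, 8-byte name
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0"))
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": names,
        "vmprotect_sections": any(n in VMPROTECT_SECTIONS for n in names),
    }


def rundll32_host(machine: str) -> str:
    """Which rundll32.exe ends up hosting the DLL on 64-bit Windows.

    The 64-bit rundll32 in system32 re-launches the 32-bit copy in SysWOW64 when the
    DLL is x86; that is the system32 -> SysWOW64 parent/child pair seen in the report.
    """
    if machine == "x86":
        return r"C:\Windows\SysWOW64\rundll32.exe"
    if machine == "x64":
        return r"C:\Windows\system32\rundll32.exe"
    raise ValueError(f"rundll32 cannot host a {machine} image")


def build_minimal_pe(machine: int, section_names: list) -> bytes:
    """Constructed stand-in for the sample: MZ stub, PE signature, COFF header,
    no optional header, and a section table. Not derived from the real DLL."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew at 0x3C points to 0x40
    characteristics = IMAGE_FILE_DLL | 0x0002 | 0x0100        # DLL | EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, 0, characteristics)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_minimal_pe(0x014C, [b".vmp0", b".vmp1"])
    print("hash check:", verify_hashes(data, REPORT_HASHES))
    info = parse_pe(data)
    print("pe:", info)
    print("expected host:", rundll32_host(info["machine"]))
```

Run it with the path of the DLL to compare against the report; without an argument it runs on the constructed x86 header, reports that none of the listed hashes match (as expected for a stand-in), and resolves the host to the SysWOW64 rundll32.exe, matching the child process in the tree above.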