Analysis
max time kernel: 149s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/12/2023, 09:04
Behavioral task: behavioral1
Sample: 7fb952136a2ca3f50bdf7a1a05dc6b6b.dll
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 7fb952136a2ca3f50bdf7a1a05dc6b6b.dll
Resource: win10v2004-20231215-en
2 signatures
150 seconds
General
Target: 7fb952136a2ca3f50bdf7a1a05dc6b6b.dll
Size: 748KB
MD5: 7fb952136a2ca3f50bdf7a1a05dc6b6b
SHA1: fe372ffeb3b8c487a96c4e9669ae73b24d93994a
SHA256: 02161e2ebc462a327c1f9723d16410959cc7b87da3671509981baeafe1456e6d
SHA512: ae37eaf1a1715ea4a7c9f78bb9b12d99565e645cac889969ab2f921c0a5b86d367f2f2346b3b0dae0d9835f9533f0481c8000980eaa5cf5a3c735bddf2f25817
SSDEEP: 12288:PrTmzUHgoZ4wcY6mN9ELoGd/VVz7V8KEpKIeyqEJtK8UeJixjFNehis3bKy:fIUH0wx6mN9ELH/TF8K2KBydJgPxQ+y
Score: 7/10
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/2456-0-0x0000000002230000-0x00000000023E9000-memory.dmp | vmprotect
behavioral2/memory/2456-1-0x0000000002230000-0x00000000023E9000-memory.dmp | vmprotect
behavioral2/memory/2456-2-0x0000000002230000-0x00000000023E9000-memory.dmp | vmprotect
behavioral2/memory/2456-3-0x0000000002230000-0x00000000023E9000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1460 wrote to memory of 2456 | 1460 | rundll32.exe | 87
PID 1460 wrote to memory of 2456 | 1460 | rundll32.exe | 87
PID 1460 wrote to memory of 2456 | 1460 | rundll32.exe | 87
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb952136a2ca3f50bdf7a1a05dc6b6b.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1460
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fb952136a2ca3f50bdf7a1a05dc6b6b.dll,#12⤵
PID:2456