Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 08:54
Behavioral task: behavioral1
Sample: 7f0d32a56049172e2f96622770f93cdf.dll
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 7f0d32a56049172e2f96622770f93cdf.dll
Resource: win10v2004-20231215-en
3 signatures
150 seconds
General
Target: 7f0d32a56049172e2f96622770f93cdf.dll
Size: 682KB
MD5: 7f0d32a56049172e2f96622770f93cdf
SHA1: 6269926fe09d3578b82fa36ffdd5570746a4f168
SHA256: 03bed28e6a03761bfe4cb76eba6b3c91c8c014ab40a68c639aa5e7acd6bb4bd4
SHA512: 06a06644489458308c6c0e16ce406caa916ea7b7735ebe5a7782c4ee85584d3806a8188017d4f569f8d75176964d7a2c63d744f4834324071bc17853d3777bcf
SSDEEP: 12288:wbDACBqBA1kCe1YIDXKzXMj+GUBYB4x0PqHpyC2LQX:bm1Re1YmX/MIg3H8C2
Score: 7/10
Malware Config
Signatures
resource: behavioral1/memory/2444-0-0x0000000074750000-0x00000000748B5000-memory.dmp
yara_rule: vmprotect
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
PID 2372 wrote to memory of 2444 | 2372 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f0d32a56049172e2f96622770f93cdf.dll,#1
- Suspicious use of WriteProcessMemory
PID:2372
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f0d32a56049172e2f96622770f93cdf.dll,#1
    PID:2444