Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25-12-2023 09:30
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
14839615db4b261d73f21e05d63a2624.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
General
- Target: 14839615db4b261d73f21e05d63a2624.dll
- Size: 306KB
- MD5: 14839615db4b261d73f21e05d63a2624
- SHA1: 47b2670d7d3dcc52572844e7c8f0a720c4be7790
- SHA256: 29eb9ab17a6eab29731b74b48b6d9a2809818d4ee4892ba362b31c7d4a072b2e
- SHA512: 577ede8b9cf330e32f37ef349e2503b57184185ec9e6b8edbd6685c04f32caace7b85a7797cb81a0939d95c13f6d2a18c25891108968c6e0386cc7f39add83e5
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q08:jDgtfRQUHPw06MoV2nwTBlhm8E
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
  PID 1328 wrote to memory of 2340 | 1328 | rundll32.exe | 16
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14839615db4b261d73f21e05d63a2624.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14839615db4b261d73f21e05d63a2624.dll,#12⤵
  PID:2340