Analysis
max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted
25/12/2023, 16:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2dc58a934a0998fc39823b38c3ff67f4.dll
Resource
win7-20231129-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2dc58a934a0998fc39823b38c3ff67f4.dll
Resource
win10v2004-20231222-en
2 signatures
150 seconds
General
Target
2dc58a934a0998fc39823b38c3ff67f4.dll
Size
37KB
MD5
2dc58a934a0998fc39823b38c3ff67f4
SHA1
6ebb0b78a4189cda40656ddd5f4addc1f41e533f
SHA256
cab77ab50398110c35fc6f1004fdd54a3eb670b60d3608080d2295d2ad65a899
SHA512
7a7d6b84d5d62edce554ac143562e6dc66fa8b135286519fe27255e6e591a7ab0a53d61dd02c9e5a41774baaec8312a5136fd9cf255153563949f32bb8551d78
SSDEEP
768:zd9AgBqDJKCjlK1JPD0IJjW8SDddbc9eXSC0CqpLFSWqdj3o:zd9zsZK1JPD0CjWPddbcspESTj
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
PID 2960 wrote to memory of 2512 | 2960 | rundll32.exe | 16
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc58a934a0998fc39823b38c3ff67f4.dll,#1
- Suspicious use of WriteProcessMemory
PID:2960
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dc58a934a0998fc39823b38c3ff67f4.dll,#1
    PID:2512