Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
26/12/2023, 10:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
668b7e37a979bb955c57b4eb1c2430e8.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
668b7e37a979bb955c57b4eb1c2430e8.dll
Resource
win10v2004-20231222-en
1 signatures
150 seconds
General
-
Target
668b7e37a979bb955c57b4eb1c2430e8.dll
-
Size
256KB
-
MD5
668b7e37a979bb955c57b4eb1c2430e8
-
SHA1
bf977cb835231a5974e42fdb659ff4559322cc4f
-
SHA256
e6e65eb67507fc5db0c6a48e597a59ee15d7faa3938a8526dfe56ee768337079
-
SHA512
c5faacb9b9979080cd2d952fca576362387e6e9ae33c53365892aff5603b56591fcd5bca74439d5c5294c09e3e39838121674ac9b855e11f783a396e44a8e43d
-
SSDEEP
3072:kTto02fU9zsr2mv7DJKAJ8Ick5eTKwtZO1nS0T3Q8zx6zH/oxqdC837SavtGRCZ:utoksdB3Jlck5utYT3Q8d6zf2aDvLZ
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
PID 1852 wrote to memory of 1684 | 1852 | rundll32.exe | 22
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\668b7e37a979bb955c57b4eb1c2430e8.dll,#1
- Suspicious use of WriteProcessMemory
PID:1852
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\668b7e37a979bb955c57b4eb1c2430e8.dll,#1
PID:1684
-