Analysis
-
max time kernel
120s
-
max time network
121s
-
platform
windows7_x64
-
resource
win7-20231129-en
-
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
-
submitted
26-12-2023 10:20
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
66cc34de95d689e5563372b2b065448e.dll
Resource
win7-20231129-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
66cc34de95d689e5563372b2b065448e.dll
Resource
win10v2004-20231215-en
0 signatures
150 seconds
General
-
Target
66cc34de95d689e5563372b2b065448e.dll
-
Size
9KB
-
MD5
66cc34de95d689e5563372b2b065448e
-
SHA1
ddbb11932594998008a4b98630458ec66b5ee34b
-
SHA256
89ccc677942275e4015dd71300254d728b0faeef66eb3e19deb3eff6544d5135
-
SHA512
d0a72050c3014144be29de26585a0895cd62af3bc0635b654a82274e5fb7a13102aed2be98c6c67b8d51c34498d52c73a9bfb7dd42ac41f33e58a53f374df873
-
SSDEEP
96:QzKFbI+38bY8U2eU7+gd+UfYgrE9B1rnxvhjJC:vlMbdnezspYgrE9Bhnx5jJ
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
PID 2856 wrote to memory of 1068 | 2856 | rundll32.exe | 14
Processes
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66cc34de95d689e5563372b2b065448e.dll,#11
PID:1068
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66cc34de95d689e5563372b2b065448e.dll,#11
- Suspicious use of WriteProcessMemory
PID:2856