Analysis
max time kernel: 120s
max time network: 132s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 26/12/2023, 13:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 7288d68b6ca96c207603106735df270f.dll
Resource: win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample: 7288d68b6ca96c207603106735df270f.dll
Resource: win10v2004-20231215-en
2 signatures
150 seconds
General
Target: 7288d68b6ca96c207603106735df270f.dll
Size: 42KB
MD5: 7288d68b6ca96c207603106735df270f
SHA1: 6619e2c3dfb864b394ccd94c079b393aa2258ecc
SHA256: 96b313f37530f76b9ed888e9f796c4bc476aa46d6995318ad24ddf7633265e9e
SHA512: 60d3487ac23303272346eec8751f75aa5ad92742dfa0b9109f971334a52fb8c1db024e6f0ebb6489854dac7ce397a563512b79e783713806d296bed9354b0198
SSDEEP: 768:7wlgrXCa2eysN4rjBnGLIfqhohqAbdyLb1o9yia:jr/2wN4NG0SChXb81oYi
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
PID 1240 wrote to memory of 1936 | 1240 | rundll32.exe | 16
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7288d68b6ca96c207603106735df270f.dll,#1
PID: 1240
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7288d68b6ca96c207603106735df270f.dll,#1
  PID: 1936