Analysis
max time kernel: 117s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 28/12/2023, 00:49
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bd095d31c3fda1f0913f3fe779225448.dll
Resource
win7-20231215-en
2 signatures
150 seconds
General
Target: bd095d31c3fda1f0913f3fe779225448.dll
Size: 281KB
MD5: bd095d31c3fda1f0913f3fe779225448
SHA1: 4d0eb36a03199c82df3ec57efc165ac63b4eb05d
SHA256: 33a6fcbdbfe8d6f234c4fc4d149af6cb88f0c7972d8c640b8eb6381704024477
SHA512: 6158a4230a3abb259274ca06e78290e940c43fe581f4a678dd20bd0e9ddf477b0adf7c38a2b4a89253c0d816b95a307fb797663a91bf56fbb8b295a71f904174
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0L:jDgtfRQUHPw06MoV2nwTBlhm8z
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
| PID 2360 wrote to memory of 2084 | 2360 | rundll32.exe | 17 |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd095d31c3fda1f0913f3fe779225448.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2360
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd095d31c3fda1f0913f3fe779225448.dll,#12⤵
PID:2084