Analysis
max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
31/12/2023, 05:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2956e79b303a17297e9da277a7499c32.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2956e79b303a17297e9da277a7499c32.dll
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
Target
2956e79b303a17297e9da277a7499c32.dll
Size
43KB
MD5
2956e79b303a17297e9da277a7499c32
SHA1
dcb9383e15e672734382d9be30e274fe3c525e5b
SHA256
ee004ef27f9b6c467a981a9fbc7cd80584146cd48d6936bb8714f16504028f59
SHA512
f9bc4422a0073509476b2cf17c08710eaad20c4b1c6d8099ed59bc8d8b320e398ec88ebae25496bf10ffedc8f862b123151fb59a1d63675d9e3019a8e0c97b5b
SSDEEP
768:xkc272CWd2Zwi6YNo0pVMJkLBFZi2Id8UiEFnfQR:x52CCYWr6oVM2fZi231
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
PID 1384 wrote to memory of 2100   1384   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2956e79b303a17297e9da277a7499c32.dll,#1
- Suspicious use of WriteProcessMemory
PID:1384
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2956e79b303a17297e9da277a7499c32.dll,#1
PID:2100