Analysis
- max time kernel: 120s
- max time network: 139s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 01/01/2024, 20:47
Behavioral task: behavioral1
- Sample: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
- Resource: win10v2004-20231222-en
- 2 signatures
- 150 seconds
General
- Target: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
- Size: 899KB
- MD5: 4056ff52fc3297465ecfab806e5802f5
- SHA1: 92d139b4a58c3a26f4c850552a6547a55a1f880e
- SHA256: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1
- SHA512: 5627539c915f151b64bc34e96584cf1319546f26b26bef50730a2686bf4722cda84f937c1624dbaaa775ae684f905d138c5b066d52c8a0da79782f20d781251f
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX+:7wqd87V+
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  2660 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
  PID 2880 wrote to memory of 2660 | 2880 | rundll32.exe | 18
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2880
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#1
    - Suspicious behavior: RenamesItself
    PID: 2660