Analysis
- max time kernel: 115s
- max time network: 40s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 07-01-2024 13:40
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 491f15ecc254100275ccfb88c5dca40e.dll
- Resource: win7-20231215-en (windows7-x64)
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 491f15ecc254100275ccfb88c5dca40e.dll
- Resource: win10v2004-20231215-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: 491f15ecc254100275ccfb88c5dca40e.dll
- Size: 72KB
- MD5: 491f15ecc254100275ccfb88c5dca40e
- SHA1: fcaa25287622cd50367d9f1ee8b304011dd2306d
- SHA256: fbdd5b5c8cf9c90ea77778be587f854a9d258872306c075bc7d39709329a0932
- SHA512: c9d70cc14c2319f12c200d1d005b4c6c08de288ba04c5f337642182ed17ba1dc5036cb93a9fc1fa9dac1b4f3bc273c8ea2fd196773c5a93e2d44a0c862e05c49
- SSDEEP: 1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1352 wrote to memory of 1572 | 1352 | rundll32.exe | 28 |

The row above is listed 7 times, once per IoC.
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\491f15ecc254100275ccfb88c5dca40e.dll,#11
  PID: 1352
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\491f15ecc254100275ccfb88c5dca40e.dll,#12
  PID: 1572