Analysis
max time kernel: 122s
max time network: 138s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 07/01/2024, 19:21
Behavioral task: behavioral1
Sample: a405754bf763698c04ee4c6b0303e5b4.dll
Resource: win7-20231215-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: a405754bf763698c04ee4c6b0303e5b4.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: a405754bf763698c04ee4c6b0303e5b4.dll
Size: 96KB
MD5: a405754bf763698c04ee4c6b0303e5b4
SHA1: ed69901a40a833ba8be3460494ae72ce81e5b35b
SHA256: e4266a5f4adebc888b093c114f763b900e8b2254f6eca8f92e0b2dbffa66c4e2
SHA512: c7c171bb6ee398bc4e7f64c0c03c62913b5bb2b5dd89dc6f4dac8ac8d3680ab690f501d06a55fd26da4f1ac4d26454fa3a564df8ee92df878d92b40ef6c83057
SSDEEP: 3072:unmOAjK+NJCIKOjm49xsPxxtKGCKglEmx4:qm/jjCVZ4nGxtRCKgjK
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
PID 2280 wrote to memory of 2456 | 2280 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a405754bf763698c04ee4c6b0303e5b4.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2280
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a405754bf763698c04ee4c6b0303e5b4.dll,#1
      PID: 2456