Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
08/01/2024, 03:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4a579aa816c17d05b726de7080fc75e9.dll
Resource
win7-20231129-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4a579aa816c17d05b726de7080fc75e9.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
4a579aa816c17d05b726de7080fc75e9.dll
-
Size
93KB
-
MD5
4a579aa816c17d05b726de7080fc75e9
-
SHA1
faa14879351f7ebd164182087ef1747d454b149e
-
SHA256
f765a5af88b140ab25e41fb5c9e9d25899bd576d2fa8dc72f056eb79c6d59b78
-
SHA512
89350a62aa17a0f35c64dbbd38a735f46da0b399b6529184b21475fc776e270fb0036796750be280ce3308fedfe5673fbe8cb440ac05cd00edef2cc065ed176d
-
SSDEEP
768:jvfTPWTqzf0RoZK+Kg5PUhse6hjDHiW/8mvNdShfZg7eeIC0HFKVLXCsukLkHk0d:LvrZK65Pgse6hjbb/FCbFcCrkLkH8F
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
PID 2372 wrote to memory of 936 2372 rundll32.exe 14
Processes
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a579aa816c17d05b726de7080fc75e9.dll,#11
PID:936
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a579aa816c17d05b726de7080fc75e9.dll,#11
- Suspicious use of WriteProcessMemory
PID:2372