Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
11/01/2024, 05:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
52a478b0712258586ff4f3b62b3e15cf.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
52a478b0712258586ff4f3b62b3e15cf.dll
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
52a478b0712258586ff4f3b62b3e15cf.dll
-
Size
72KB
-
MD5
52a478b0712258586ff4f3b62b3e15cf
-
SHA1
9dea479c00ee86bd4ed411ebd825abf7fc1fe5d2
-
SHA256
0c18f794e55f9ac2ce73efa27286c18df90630e02d4ceb6b88300573917adaf0
-
SHA512
6c28e8e6452f5a731dee2ec33d4b58c52460fa49d34ac4d29ec0d2425578b454baaffc914b20930a759e6da4fe83b4a880bba409af64b96f3d3ec5be1511a85a
-
SSDEEP
1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
PID 1660 wrote to memory of 1888 | 1660 | rundll32.exe | 14
Processes
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a478b0712258586ff4f3b62b3e15cf.dll,#11⤵
PID:1888
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a478b0712258586ff4f3b62b3e15cf.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1660