Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
13-01-2024 12:02
Static task
static1
Behavioral task
behavioral1
Sample
d8e88cdf04222c6d214c2f835b25cf5e57e97607c54eddc6d25f1b6fbe298eaf.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
d8e88cdf04222c6d214c2f835b25cf5e57e97607c54eddc6d25f1b6fbe298eaf.dll
Resource
win10v2004-20231215-en
General
-
Target
d8e88cdf04222c6d214c2f835b25cf5e57e97607c54eddc6d25f1b6fbe298eaf.dll
-
Size
51KB
-
MD5
d2c176e9785de96fefe918b0748b7222
-
SHA1
be96803f6428c7628402bc82576836215844dd16
-
SHA256
d8e88cdf04222c6d214c2f835b25cf5e57e97607c54eddc6d25f1b6fbe298eaf
-
SHA512
fbd481badaac379ee8ce0955f4cd0fb27f7accd26a64b414dbb2b3af7f5499bf76f7b5b42d6dd3db1583aaa083de6061f69dec695ac6285c0d979a5da351585c
-
SSDEEP
768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezYsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOB7pMC6H
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2760 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2040 wrote to memory of 2760 2040 rundll32.exe 28 PID 2040 wrote to memory of 2760 2040 rundll32.exe 28 PID 2040 wrote to memory of 2760 2040 rundll32.exe 28 PID 2040 wrote to memory of 2760 2040 rundll32.exe 28 PID 2040 wrote to memory of 2760 2040 rundll32.exe 28 PID 2040 wrote to memory of 2760 2040 rundll32.exe 28 PID 2040 wrote to memory of 2760 2040 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8e88cdf04222c6d214c2f835b25cf5e57e97607c54eddc6d25f1b6fbe298eaf.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2040 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d8e88cdf04222c6d214c2f835b25cf5e57e97607c54eddc6d25f1b6fbe298eaf.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:2760
-