Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 15-01-2024 16:45
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 5d951b5f89c57f0c0d86faef17768594.dll
Resource: win7-20231215-en
windows7-x64
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 5d951b5f89c57f0c0d86faef17768594.dll
Resource: win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 5d951b5f89c57f0c0d86faef17768594.dll
Size: 13KB
MD5: 5d951b5f89c57f0c0d86faef17768594
SHA1: 1f6888ce0c45299d7657c12eac0dda4e7d8456b9
SHA256: 726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0
SHA512: da3c5b6dae39970a7f66f41b376424f77484c7e4df3d756c1795c97122ae05a3715ac8160a2bde9b3191bf296e9d5bad1767ca6ed9f01842d0b2cf1c6037188d
SSDEEP: 384:YZLEcGtJG0uhcqZJIS5yoakJVuqbbV+ujzlm+M7i:WAcGts0unj9akfvX8EX
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
PID 2272 wrote to memory of 2340 | 2272 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d951b5f89c57f0c0d86faef17768594.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d951b5f89c57f0c0d86faef17768594.dll,#12