Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 17/01/2024, 21:31
Static task: static1
Behavioral task: behavioral1
  Sample: 6ca1e62a1bbdf9f732e6ec1c6c5bba8d17d30a3f1d1c9ecb1701732e0b561bec.dll
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6ca1e62a1bbdf9f732e6ec1c6c5bba8d17d30a3f1d1c9ecb1701732e0b561bec.dll
  Resource: win10v2004-20231215-en
General
Target: 6ca1e62a1bbdf9f732e6ec1c6c5bba8d17d30a3f1d1c9ecb1701732e0b561bec.dll
Size: 4.7MB
MD5: a1fd01cbab62c691744f63c92349b2a8
SHA1: 2fa7d95b6ec0e5c7de21a28b310ebbbf5201d2fb
SHA256: 6ca1e62a1bbdf9f732e6ec1c6c5bba8d17d30a3f1d1c9ecb1701732e0b561bec
SHA512: 09584338601411bf112e40b6b03fc988803e21c06f5e22a832bbb0b917eb06d222c66f915678d9752b94b4fd4753a09476b3275fe6b8519542c1c4a6e6725fd8
SSDEEP: 98304:T6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwh:KbW1wX2JGWc+nVt7Jmf5LOXxWMcvwYqF
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
PID 2480 wrote to memory of 2988   2480  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca1e62a1bbdf9f732e6ec1c6c5bba8d17d30a3f1d1c9ecb1701732e0b561bec.dll,#1
  Suspicious use of WriteProcessMemory
  PID:2480
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca1e62a1bbdf9f732e6ec1c6c5bba8d17d30a3f1d1c9ecb1701732e0b561bec.dll,#1
    PID:2988