Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 15:36
Static task: static1
Behavioral task: behavioral1
Sample: 62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: 62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll
Size: 2.0MB
MD5: 35d9667ad13add8d29b087c335d758e9
SHA1: 9c1a2d365237d5218852501295502748d42f4c25
SHA256: 62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211
SHA512: 4b09f7a6b3ce6578db925e2b6953b840ee6bfc00db03f8726c07c94f05e7f9d87e8384183829c46450834a72afef552b44b41c628236dc832d8f7f4172e60505
SSDEEP: 49152:4FIbdyf/vgyuEC3GaeqlVi9/6pNMEhJL1Hvrp:QIbg/MmaeqlVi9/6pvp
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory, 7 IoCs
Processes: rundll32.exe

description                        pid    process        target process
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
PID 2000 wrote to memory of 1708   2000   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2000
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll,#1
    PID: 1708