Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 15:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e5375a1b2add17252046a96617a4226027919f4b8a094755e156b2df05d33d4a.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: e5375a1b2add17252046a96617a4226027919f4b8a094755e156b2df05d33d4a.dll
Size: 2.6MB
MD5: f2303e01c8bca22c26b6b54459c7b223
SHA1: be2bfda5b99c34548f47992ff4a33269f48331bd
SHA256: e5375a1b2add17252046a96617a4226027919f4b8a094755e156b2df05d33d4a
SHA512: 082a3e22aff1376ab6d1b9ad1b8e11d8b05d4106fcaf19c2973014d9b1b2ef820eb416c4fe92503a97599fffd4432cdddac39d3365d845f36c95751ad9098166
SSDEEP: 49152:8HmxzufYx2rnDlkxIKSI4Mjg6oF47dYc9D56cv93GzPTHGo8KXkVezuHyhv9aQkt:zzufYOnDlkxIKSI4Mjg6oF47dYc9D56R
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
PID 2124 wrote to memory of 3032 | 2124 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5375a1b2add17252046a96617a4226027919f4b8a094755e156b2df05d33d4a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2124
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5375a1b2add17252046a96617a4226027919f4b8a094755e156b2df05d33d4a.dll,#12⤵
PID:3032