Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 15:32
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 114faf7bbd4a8781b7654d366222ae12a9fe9183b71aeca0fb211737ab5f00bd.dll
- Resource: win7-20231215-en, windows7-x64
- 1 signatures
- 150 seconds
General
- Target: 114faf7bbd4a8781b7654d366222ae12a9fe9183b71aeca0fb211737ab5f00bd.dll
- Size: 273KB
- MD5: e28264c464dbc8ceed325b7f6d1e961d
- SHA1: 4b67676ad6122bb9b6b0567104ea87b3d2382735
- SHA256: 114faf7bbd4a8781b7654d366222ae12a9fe9183b71aeca0fb211737ab5f00bd
- SHA512: b40bb703b448bdb6bee36818acd68b3a616f7d3a4d2ccb54087137ac779abf2f01b2cc4fb4179ce6edaf7728c8b9f6ed48e75dc4cc522f8bc7e19478b7f9d501
- SSDEEP: 6144:J78QXq4cEWDCSnSygQamXLJJ8TkCi4aEkmHbBheU8Rir1GsJEuFTAT4SMDzC:J78QXqxJx6kCi4aEPveY1GsJEuFTAqDG
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
PID 2460 wrote to memory of 304 | 2460 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\114faf7bbd4a8781b7654d366222ae12a9fe9183b71aeca0fb211737ab5f00bd.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\114faf7bbd4a8781b7654d366222ae12a9fe9183b71aeca0fb211737ab5f00bd.dll,#12⤵
  PID:304