Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: 97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll
Size: 2.3MB
MD5: 35b2a14f4100c7a1cb98f85b7cc9d8e3
SHA1: 3df613adc29283d2f2d1463bbbb0b4561b609d99
SHA256: 97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7
SHA512: 0ab23c349ed79618ffe73422856f5d2d6d1f3e5b5299ff5bd4d4b55e4b5576b1ccf90acf8cd262c37c9d248948181e8cdbcf904ec966b87feeb75d8666a994f7
SSDEEP: 24576:fvQbmb3JN+jh2K7LxGI5iRkCEZnT1mBuJkYo8+U+:fTbBK7FGI5iRkCEZnT1mBuJkYo8+U+
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
PID 2316 wrote to memory of 1884 | 2316 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2316
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll,#12⤵
PID:1884