Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 15:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e22c85f6322f881c99b6fc69a74ce57b1fb7cebf89b6b75722cacf816be23213.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: e22c85f6322f881c99b6fc69a74ce57b1fb7cebf89b6b75722cacf816be23213.dll
Size: 1.3MB
MD5: 44307427f1c9dfc50772751d7dc8ad6c
SHA1: 4b049ba4c79201cb0f84331a1cd70a0bede263ab
SHA256: e22c85f6322f881c99b6fc69a74ce57b1fb7cebf89b6b75722cacf816be23213
SHA512: b5294a9005e2605e3f08586a2ec92baa513e1763829da6471c4e86b26c11f3319894455054a61b0e6ae55ac2a48365bcfe894a9a2c8431f97ca4410945613db5
SSDEEP: 24576:XFNeZp/mmgFnjBMww7YULXSSLkoqK+1PL4fDgauZ2YbTuH:XqZp/mmgFnjBMw+YcfxqK+1PLxVZ2xH
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e22c85f6322f881c99b6fc69a74ce57b1fb7cebf89b6b75722cacf816be23213.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID:2496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e22c85f6322f881c99b6fc69a74ce57b1fb7cebf89b6b75722cacf816be23213.dll,#12⤵
  PID:1636