Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
25-01-2024 15:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f551fb19367ccf32e5f054d30e10274585863ea0460075e0bc048f5c086e1d12.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
-
Target
f551fb19367ccf32e5f054d30e10274585863ea0460075e0bc048f5c086e1d12.dll
-
Size
691KB
-
MD5
c8f5a249eb9af0f83c34eb1a3dc8e477
-
SHA1
3c51c975ee3db4f64f643ff70f2d72650a8414c8
-
SHA256
f551fb19367ccf32e5f054d30e10274585863ea0460075e0bc048f5c086e1d12
-
SHA512
f98422f0f7419bd44af2d75520fa281f87bef62ea8c809e3f11968230e7fd9486849de997ad81f9d740a9cf69fed79c4d9591c977fefdc586589590d9d622b61
-
SSDEEP
12288:o1C1YgDBIuKofa3MlF8oQtqhGsZNEgp016UbTNwHP:o1C1YgDBIuK13vrsZAbTuH
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
PID 2144 wrote to memory of 2056 | 2144 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f551fb19367ccf32e5f054d30e10274585863ea0460075e0bc048f5c086e1d12.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f551fb19367ccf32e5f054d30e10274585863ea0460075e0bc048f5c086e1d12.dll,#12⤵
PID:2056