Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll
Size: 724KB
MD5: 39cf448c556a2cd2aa1cb6e6220857e9
SHA1: bd5001edefca0bcef3ec3cec39c999cdf25d2ff8
SHA256: cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1
SHA512: 4ff1e1fb3f31abfc41583c92f7db3fc19a71383bed39be3b7c6f9cabab40d575ebaf575bca18d343862ff33e445c2122823bea489b8f90b3ee88a1e81069b1d3
SSDEEP: 12288:qlsyXE2GemaPufRhta1ioZ4/H3KsUbTNwHP:qlsyXE2G3aUwZLbTuH
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
PID 2348 wrote to memory of 1696 | 2348 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll,#12⤵
  PID:1696