Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43.dll
Size: 148KB
MD5: b5780e0476d58c4e7a82cef268d8f533
SHA1: 8d809e83a4ba46433bbaa05a76478242ab147246
SHA256: 298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43
SHA512: 63d4b9117e46f6f47bfafc45e2a4da25138e84061541d637ae3f093d22072d979170b6cb0f7f33974acd1f2081fc8b3a856157fc2e0ff79cb9e3177ab1f0b5d0
SSDEEP: 1536:XVn355UmKjdPXWGSPhMCw55up+PxjSbIt2IHS2H+j4fM1NkhLV6p:VbURJXpm9WL7Sy+c01ihLV6p
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
PID 2520 wrote to memory of 2180 | 2520 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:2520
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\298e6a216c30c7fc22b56830b86beeb014dc69008dac3e0c59ab432512538f43.dll,#12
  PID:2180