Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:54
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: 3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll
Size: 4.2MB
MD5: 6ef2d1efc6e761f75636142a2c97b338
SHA1: e9b0e9d90a1f71034b183e95ed44f8b83a3223d7
SHA256: 3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01
SHA512: 4f104488fe38830cf2a7ce831112559d298e065a4b7f67274d44817e16dc2070cbb58790912f95f1544ee316f62dcbf4ca11b7a88998aaa98f77742989416b59
SSDEEP: 98304:QSPoqTClkK2h0F9FuUlcmCNvnYPGTjda2RkQAz5cMZ6BBsu:QSPoEClkKDjFuUNmYPyRRAz5zsBs
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
PID 836 wrote to memory of 2308 | 836 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll,#11
- Suspicious use of WriteProcessMemory
PID: 836
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll,#12
PID: 2308