Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:54
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 4174000b65b3697b37a7cb0ca3f87b2723caa44c5f2324dff06b744602a17d4b.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: 4174000b65b3697b37a7cb0ca3f87b2723caa44c5f2324dff06b744602a17d4b.dll
Size: 1.6MB
MD5: e361a255bcdc758c8fb29a69b1ee5105
SHA1: 90c9642b28338fc545feaf521061782bde9d592d
SHA256: 4174000b65b3697b37a7cb0ca3f87b2723caa44c5f2324dff06b744602a17d4b
SHA512: ad32d9e40bff2baf025dfa4c9abdebccfabda0a412afac99b05b75985392e794918a675c291b142a331ee74cda2f1a5f449e98a5c8ae538703533679586b7275
SSDEEP: 49152:0Cc2ZZdDSdfTzkrFQbsKcrdr0X0RXWclALDScwZMHHm:DFJ0kRXWD
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                         pid    process        target process
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
PID 1940 wrote to memory of 2932    1940   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4174000b65b3697b37a7cb0ca3f87b2723caa44c5f2324dff06b744602a17d4b.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1940
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4174000b65b3697b37a7cb0ca3f87b2723caa44c5f2324dff06b744602a17d4b.dll,#1
    PID: 2932