Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll
Resource: win7-20231129-en, windows7-x64
1 signatures
150 seconds
General
Target: 19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll
Size: 381KB
MD5: 8a1f7a72d9ac9bc5947829fbb06cce12
SHA1: df3d871e4122a3624a06f82c344095e20be1ce82
SHA256: 19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28
SHA512: 3061721d6d7690ecc0373092e163991a095966fdb1960270dda88711b8d20fff2435e18cc7dc498f379983ac7401ca19a87bf270e2ff8cd3a05ddf5f888693b1
SSDEEP: 6144:dMwmVYHHDFVag30hmru2zYhTuP0cpuUb5p9TwHlM82/VZ:dB8M4g30hmq2EhTuPgUbTNwHPCV
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1708 | 1216 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1216
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c8c4e882b817e91ec9c7d8edf540342ff2df0f87ad3aaf4394026343470a28.dll,#1
    PID: 1708