Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 15:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll
Size: 483KB
MD5: cb564ee55db7558824bbde711324e1bb
SHA1: f1092f6072c3b9787a6e3d7d5f6d9085269da3bd
SHA256: 1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b
SHA512: 841073d413ca28f78b6df1fb705dfc2c30d9fbffdc5cb10d8e0de3724345ec1dda587a6619326f3c02e36da3405c801774ec3b16dc975222d3355a4e37b4d3de
SSDEEP: 12288:WsKPdEqeVO3gTSVrzuM891FnPXHlL85kPRUbTNwHPL3:I3YSVmM89DPp8XbTuHD3
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
PID 1212 wrote to memory of 824 | 1212 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1212
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d8715cc83c3ee15900f56da02512fa649f00f30f0603c33aeee488c55efba6b.dll,#12
    PID:824