Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 25-01-2024 15:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c05537402d870edf0de739a6bb685924da71a2886636a5ca1ec5c16be183b671.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
- Target: c05537402d870edf0de739a6bb685924da71a2886636a5ca1ec5c16be183b671.dll
- Size: 850KB
- MD5: dbf2725aeb0a45ae653f3a29cfde66cf
- SHA1: 49a9cb18894729b8f6eecc0a553ffe9902efa973
- SHA256: c05537402d870edf0de739a6bb685924da71a2886636a5ca1ec5c16be183b671
- SHA512: 3b89cdcc431b46a12db3b871640b32db277fcb8a03831af51f803e2b1dbebc042a3d860cb457c1eb94ee85b3e6782977a9f7e2fff91f1fd33f9a0257605c59ae
- SSDEEP: 12288:Oe/qKO5ZcOC7DqNeMr5p04Y9Dx6/24t+tQMIG9PqTAZjI5s5:OeyZ2GlUD8/24t+tQMIRTAZjms5
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
PID 1316 wrote to memory of 756 | 1316 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c05537402d870edf0de739a6bb685924da71a2886636a5ca1ec5c16be183b671.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1316
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c05537402d870edf0de739a6bb685924da71a2886636a5ca1ec5c16be183b671.dll,#12⤵
    PID:756