Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:59
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: 40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll
Size: 59KB
MD5: acb3960b616f3194bab7c6997bdfe1ae
SHA1: 09cea34ab57ad6be064166dbceb71dc20d626c01
SHA256: 40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec
SHA512: eb808b0673fd914948d454ffc1c8fbd837ec8b95cc91ca060464e10be6da32649f7612eb70c3030f73c9aa9436410116fc24b93807a7757a457973eda945ecc7
SSDEEP: 768:5pIcFo7LE72qe72ax8/ksHbTdhXEPt9O3amHpQRL+AYzOEHTL8MF5PaDp1ur29O:5pE/Gde2wQHbh8t5mJoSAALBF5Peuri
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
PID 2024 wrote to memory of 1068 | 2024 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2024
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll,#1
    PID: 1068