Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 15:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll
Size: 222KB
MD5: 74c7fa512488e92f2cf00abdce92c1b8
SHA1: 1727b635745d05ae6e272b7af3e91cab491e5a97
SHA256: a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84
SHA512: 44f5e961d1ce94f24f69060aac50a3bcb071e52267d6c678e094f72f9225be12eb72b1cdd884260f81636639cc711436304d4dbd0d75d551564856c8aa84406f
SSDEEP: 3072:i1iyRWiGqAc6L8p1dcUFwS++CfS+dbqDohZEzyCqdI:i1ial6L85FV/JdDomZm
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
PID 2676 wrote to memory of 2468 | 2676 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:2676
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6c551fe1a3c8d2b12d779a0146b1355a5bdd940aa7ae588bfb8fac397816b84.dll,#12⤵
PID:2468