Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 15:58
Static task
static1
- 1 signatures
Behavioral task
behavioral1
- Sample: e1d13e792bc84f5c32307806b0102a8aec303f0b81f73d9e04c890dbcdf2079c.dll
- Resource: win7-20231215-en, windows7-x64
- 1 signatures
- 150 seconds
General
- Target: e1d13e792bc84f5c32307806b0102a8aec303f0b81f73d9e04c890dbcdf2079c.dll
- Size: 106KB
- MD5: 410f67dc731b2ba4686624309f0e7d2e
- SHA1: 37d9c5f6f2818f8ec347e1f03032adcd92fa51a1
- SHA256: e1d13e792bc84f5c32307806b0102a8aec303f0b81f73d9e04c890dbcdf2079c
- SHA512: fa0c2b34f71c4a99480a189e80a829f3a39c664efafca7fb2ffe79104fcb3b8ac68730e4aba3b6cba1238ec0b26222d61bd859f36c384c0f6d1c4bec6b18b8de
- SSDEEP: 1536:v40UJo16SIF6+Um7DINQ+soST7ttb+5l4:/s7H+Nw7tcm
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1d13e792bc84f5c32307806b0102a8aec303f0b81f73d9e04c890dbcdf2079c.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1d13e792bc84f5c32307806b0102a8aec303f0b81f73d9e04c890dbcdf2079c.dll,#12⤵
  PID:1636