Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 25-01-2024 15:58
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: 7ecbbc4c75436f3954b287ea2543f02d2afceb52e530454e92e58327b9e6352d.dll
- Resource: win7-20231215-en, windows7-x64
- 1 signatures
- 150 seconds
General
- Target: 7ecbbc4c75436f3954b287ea2543f02d2afceb52e530454e92e58327b9e6352d.dll
- Size: 1.0MB
- MD5: ee82b75940bc74fc6e0a99d2fe68fb68
- SHA1: 64ebb40b03103bc0b318f60f41e70d66bcc462ce
- SHA256: 7ecbbc4c75436f3954b287ea2543f02d2afceb52e530454e92e58327b9e6352d
- SHA512: 0cd381e5fe986758b79af4256f18295a301bef5d9f5708219f1017a1a4a19cc10e85c03587207b91a9c603793f5e0a5179ada1ff991be75217b0e8930ea06449
- SSDEEP: 24576:RCZfxCtxDxCIWrHeVvnEXVM+59FAVFPtZtbTuHno:cZfxCtxDxCIWr+VvoJ59FAVFPtZ0Hno
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
  PID 2096 wrote to memory of 1352 | 2096 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ecbbc4c75436f3954b287ea2543f02d2afceb52e530454e92e58327b9e6352d.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2096
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ecbbc4c75436f3954b287ea2543f02d2afceb52e530454e92e58327b9e6352d.dll,#12⤵
    PID:1352