Analysis
max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
25-01-2024 16:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ec3f453995e4cba53c7177cd0cac1d90955ef8fb687a7fbf956aef3071dffd4e.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target
ec3f453995e4cba53c7177cd0cac1d90955ef8fb687a7fbf956aef3071dffd4e.dll
Size
414KB
MD5
09f43576ab4b3f89568f9f2839815820
SHA1
3c337f0c8326cbc95b02f75ef767ca7e64652668
SHA256
ec3f453995e4cba53c7177cd0cac1d90955ef8fb687a7fbf956aef3071dffd4e
SHA512
111b90758f70657326f8501f3543422fbf767187de770add12f953034ec4c0f9cd7c3d85849ef376ef174a5d10982048b87d357db96b540628d3fe2195c289dc
SSDEEP
3072:stqNNFKGM6xoLFhag4YvuFdfR+gVYF6hiDg938ML46COpXZ4hZSP3JJYjNZcQDAC:st+NFELag4YvC5DXMWEZcQcv9z/87a
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
PID 2800 wrote to memory of 2524 | 2800 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec3f453995e4cba53c7177cd0cac1d90955ef8fb687a7fbf956aef3071dffd4e.dll,#1
- Suspicious use of WriteProcessMemory
PID:2800
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec3f453995e4cba53c7177cd0cac1d90955ef8fb687a7fbf956aef3071dffd4e.dll,#1
  PID:2524