Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:59
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 1470988e07b7e2606be93d87a0da0dacf1810d997c13d010240bea5eb898b26c.dll
Resource: win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 1470988e07b7e2606be93d87a0da0dacf1810d997c13d010240bea5eb898b26c.dll
Size: 1.6MB
MD5: 3a89039c956502fa8a3461e4c3b5a74e
SHA1: 085c014479f1b12c8afc17cdfb9c04fc473bbbc3
SHA256: 1470988e07b7e2606be93d87a0da0dacf1810d997c13d010240bea5eb898b26c
SHA512: 438f4576707de88a5a2f6a854c414dcbeccaa0e6b6a27604dc82914bdeaadb90cd01753448cb10427c8682c792d5bb384921117edcdb4d8ad781303f59a8d288
SSDEEP: 24576:S0gNkqMK/kmWJ02Ce6NGKUpzQWqpN9cOgw9u:S0fNnLUpN9cOg
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
PID 3052 wrote to memory of 3068 | 3052 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1470988e07b7e2606be93d87a0da0dacf1810d997c13d010240bea5eb898b26c.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3052
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1470988e07b7e2606be93d87a0da0dacf1810d997c13d010240bea5eb898b26c.dll,#12⤵
PID:3068