Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 15:59
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  - Sample: 1b724bb98236116f697a0d6de73766c629a5de249533574461c535110d6d3d61.dll
  - Resource: win7-20231129-en (windows7-x64)
  - 1 signatures
  - 150 seconds
General
- Target: 1b724bb98236116f697a0d6de73766c629a5de249533574461c535110d6d3d61.dll
- Size: 239KB
- MD5: 2592097ec2a5a0d7111d6117683b5d02
- SHA1: 7b6538768b9928456cd9e844acf6287dfb083962
- SHA256: 1b724bb98236116f697a0d6de73766c629a5de249533574461c535110d6d3d61
- SHA512: ac3b369b0665645d8412b822e6211fb11302dde2a8623308dceb39de2b287376f55d104ec78746e592f6e0a090b74caaa1def48e17f4fd4fdef6c66f371c5375
- SSDEEP: 3072:w6o7VyVtscWvrS+Nd5K4Cd6DnWQjnIdq8EF/0BwD:w6o70VAvm+Nd5KGWQMU8EF8a
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
  | PID 804 wrote to memory of 2864 | 804 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe (PID: 804)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b724bb98236116f697a0d6de73766c629a5de249533574461c535110d6d3d61.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 2864)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b724bb98236116f697a0d6de73766c629a5de249533574461c535110d6d3d61.dll,#1