Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 16:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll
Resource: win7-20231129-en, windows7-x64
1 signatures
150 seconds
General
Target: 4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll
Size: 538KB
MD5: 24964e8198616799fa5ec4aa61032b33
SHA1: 711bcdf28eec061339aa4f61a8dd3093d29255c9
SHA256: 4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3
SHA512: 718ed1ce067158a158f8c957b529611774bf1834111a07cb37e690000f77af73111b831c1d47af9ee5226707ec18248d2e821c27b8c1106e5656f6d3815ae9e5
SSDEEP: 12288:wEKMaWRIDTTr599FrQzxEcpPuQEyEqYuTt0jB:x7yTTr59frQ1Eq5lDTt0jB
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
PID 1872 wrote to memory of 2360   1872   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1872
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll,#1
    PID: 2360