Analysis
max time kernel: 132s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:00
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: 7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9.dll
Size: 1.3MB
MD5: f7710513698d27a31a7e16b6a7618a49
SHA1: d0ce4b055c6cb83c1e01ae47a8679fa4fd7aad8e
SHA256: 7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9
SHA512: 5160a202a74606fe27f944462e4a61466872c8784a313b9056e738dca24fb10d0016db61c5ad90b37be465f6b7df81c0fcb7e207693294803f779ec1b2fa56b3
SSDEEP: 24576:WMYNUEksgtz0chZMJxWKgP1j5zXlcpOE1UiaxR:WliE9chyJkKgP1jxlAOE1UiG
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3548 wrote to memory of 3360 | 3548 | rundll32.exe | rundll32.exe
PID 3548 wrote to memory of 3360 | 3548 | rundll32.exe | rundll32.exe
PID 3548 wrote to memory of 3360 | 3548 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 3548
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7efd5712db6d4b7133180299a404e7082d09c48bbcb6257dca8ad8f2d49eb7d9.dll,#12⤵
PID: 3360