Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll
Resource: win7-20231129-en, windows7-x64
1 signatures
150 seconds
General
- Target: 9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll
- Size: 89KB
- MD5: cad9cfa9fa79ee92cd9816ceed717a89
- SHA1: 8fc30714703df3d16e5d7e3088b7f27117a1dca9
- SHA256: 9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741
- SHA512: 36a40c52261f4a8ddf5621e263a60b06b1c73dbb49e6d875e608215eff5a9b0dc1e2d90d3b08991e97363b9f9c67d828f3f5912e02efe635737d174d570f3bb6
- SSDEEP: 1536:FvsmGlMjaO5Yj0byTLe+bmWgZCJg2lojCj9hy4szP2RQcY:FvLGlgej0byTLe5IojKxszP1z
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
PID 2264 wrote to memory of 2468 | 2264 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll,#11
- Suspicious use of WriteProcessMemory
PID:2264
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f7ffa426123887fa7a352173c84c49edc1124cba92425bfbeb4efa8b3a7c741.dll,#12
PID:2468