Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
25-01-2024 16:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
-
Target
7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll
-
Size
453KB
-
MD5
ce7fd7a4b05f2a4bf072e083976eca45
-
SHA1
f1c6e2e0850d89c3b8b72e2bac30a28725953e8a
-
SHA256
7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5
-
SHA512
60e41c0ee4318932b13a5a1f2ded649a9a0e29972634254da95c4085cb6998aa5651114220b933355426deb8808c703e75388744854c13f3936db0fca486085e
-
SSDEEP
6144:2rmi88sG/URINLixJwxcTBABnCLa50cnQ3rWadlIGkLEqUDTQ45:2rGG/U+RixuxY402tnQ3rFIP45
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
PID 2896 wrote to memory of 2956  2896  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll,#11
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll,#12
PID:2956