Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 16:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
- Target: 7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll
- Size: 453KB
- MD5: ce7fd7a4b05f2a4bf072e083976eca45
- SHA1: f1c6e2e0850d89c3b8b72e2bac30a28725953e8a
- SHA256: 7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5
- SHA512: 60e41c0ee4318932b13a5a1f2ded649a9a0e29972634254da95c4085cb6998aa5651114220b933355426deb8808c703e75388744854c13f3936db0fca486085e
- SSDEEP: 6144:2rmi88sG/URINLixJwxcTBABnCLa50cnQ3rWadlIGkLEqUDTQ45:2rGG/U+RixuxY402tnQ3rFIP45
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 3880 wrote to memory of 3356 | 3880 | rundll32.exe | rundll32.exe |
| PID 3880 wrote to memory of 3356 | 3880 | rundll32.exe | rundll32.exe |
| PID 3880 wrote to memory of 3356 | 3880 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll,#11
  Suspicious use of WriteProcessMemory
  PID:3880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7360d44402a3b0587520eedbedb30b853a5136be34b4a6a83c5b0c1c57ba46f5.dll,#12
  PID:3356