Analysis
- max time kernel: 122s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1a8b6133bc58bd97b0d95b9be76109ced192adadb80172059f5d7d55b4e31ad0.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
- Target: 1a8b6133bc58bd97b0d95b9be76109ced192adadb80172059f5d7d55b4e31ad0.dll
- Size: 246KB
- MD5: 27630c7903bed35111f686aee0830999
- SHA1: a7b2ce3738898686aae060bb1e3ca07624e4bda7
- SHA256: 1a8b6133bc58bd97b0d95b9be76109ced192adadb80172059f5d7d55b4e31ad0
- SHA512: 2c4e939687ca5ff35c7f4e2663315c3b664e1e8814021c39d50923d83aee8485c9f6cba9c9eebc4ee8cabd2ed3d5f88062912c9fc991b9f941ffc9fd3fc6c50b
- SSDEEP: 6144:MLONPmu0z6toXgAQdX9OgPh8TcoiwcMXZZ8YBGH:MofdIdNxZZC
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 1612 | 2180 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a8b6133bc58bd97b0d95b9be76109ced192adadb80172059f5d7d55b4e31ad0.dll,#11
  Suspicious use of WriteProcessMemory
  PID:2180
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a8b6133bc58bd97b0d95b9be76109ced192adadb80172059f5d7d55b4e31ad0.dll,#12
    PID:1612