Analysis
- max time kernel: 118s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
- submitted: 25-01-2024 16:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
- Target: 258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll
- Size: 781KB
- MD5: 76f188e59e4f5b4622bc359c7135d6c8
- SHA1: 44eea3b792514b6dc1016d93a429995231b9af33
- SHA256: 258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20
- SHA512: 47e912391290fe1d0e87c782a6e0c9721ff4831e8395591ac8958832fbff51157cf6927a5c56214a538ee2a74a96f72d7faedfd5d88be690c1dc54eb561198d4
- SSDEEP: 12288:EXW8QUvQMrz9SLItr2taMUQ3BucGOLVgzsmA74Y4VZGUFc:Z8NhSLItytaK3BuXOhgoqY4ZG
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
PID 2964 wrote to memory of 1912 | 2964 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll,#12⤵
  PID:1912