Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 16:04
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 74ed6fee9f5713859a6aa75494ce901e.dll
Resource: win7-20231215-en (windows7-x64)
1 signatures, 150 seconds
General
Target: 74ed6fee9f5713859a6aa75494ce901e.dll
Size: 57KB
MD5: 74ed6fee9f5713859a6aa75494ce901e
SHA1: 3aaac41035d5a27b561b95ed76d8dfcb4bdd7066
SHA256: a29dff08ea24e6d43ebbcb090e8e3898a766918245819bfb2e46ebea3ed09c81
SHA512: 5f95b8fe149840a613001c8bbf8af5640e9ba2c2ce75e7401e8c0c47f687388fbddb26c824aa6e6baa753b7cd42666371c22d6e35ba3120fc318e7b85e7e8e9d
SSDEEP: 1536:hr7OaFCsK5Ehd0tkrpVUEkJ+H0jYJqXoxHOTMdtg:tOaY5m2Kr0EUG0jxX6OQ3g
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
PID 2496 wrote to memory of 1636 | 2496 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ed6fee9f5713859a6aa75494ce901e.dll,#1
- Suspicious use of WriteProcessMemory
PID: 2496
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ed6fee9f5713859a6aa75494ce901e.dll,#1
    PID: 1636