Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
25-01-2024 16:11
Behavioral task
behavioral1
Sample
74f0cd14eb9394e831419c362bb123fa.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
-
Target
74f0cd14eb9394e831419c362bb123fa.dll
-
Size
67KB
-
MD5
74f0cd14eb9394e831419c362bb123fa
-
SHA1
a1be3a910a57fe3c22ce3f9653757f1ec1001616
-
SHA256
334016e3fe9fb36f0cdc1eaec4f51ca191aebec843295bfca1f61bfbe46bf40a
-
SHA512
6f0baae4c91611ffedd03ccd16a75c989784f01d4b60ba66b09fb5419d6b9d3ae9633a56da294f8f61bd55be9b6c4edaaaaa7bf64d8c7439946cff30b00ac4cb
-
SSDEEP
1536:Bm1NGJVGtZL9oKVaMLiAxLoS4nvIHL6zKzOyTbAB:kX0ViZL1aMNdQwHL6zKOgS
Score
7/10
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral1/memory/2512-0-0x0000000010000000-0x0000000010013000-memory.dmp | upx
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
PID 2180 wrote to memory of 2512 | 2180 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f0cd14eb9394e831419c362bb123fa.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f0cd14eb9394e831419c362bb123fa.dll,#12⤵
PID:2512
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2512-0-0x0000000010000000-0x0000000010013000-memory.dmp
Filesize
76KB