Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 16:29
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 74f8776337501d924f4220f9e34cd1a8.dll
Resource: win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 74f8776337501d924f4220f9e34cd1a8.dll
Size: 32KB
MD5: 74f8776337501d924f4220f9e34cd1a8
SHA1: 1fdb368b29cad97fe10d71d371f2c1d441a7f232
SHA256: 8f90cff2ee63c14727696a752228950955999d29da546f9954531908c8cfa5f6
SHA512: e2aeed83ec633cdee8e8a9086d65ac8cfd37352472b3dbb56a0b4315783368db4c3864475d1314dec51c5eda6c7921f641ea1c7ad86c5e656ac7c7eeffab367b
SSDEEP: 768:jUTHaQ5CPZ5mvC87Gt6ZWpNqOjsSRzVs+:jUTHb5i5mH7GtEDQRxJ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
PID 2416 wrote to memory of 2776 | 2416 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f8776337501d924f4220f9e34cd1a8.dll,#1
- Suspicious use of WriteProcessMemory
PID: 2416
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f8776337501d924f4220f9e34cd1a8.dll,#1
  PID: 2776