Analysis
max time kernel: 140s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:58
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 7507c0a82bb8f35d03f6380842b1c8ba.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: 7507c0a82bb8f35d03f6380842b1c8ba.dll
Size: 3KB
MD5: 7507c0a82bb8f35d03f6380842b1c8ba
SHA1: 1c18b28cc62284af8ed512d3f6c61e238bd89ae4
SHA256: c23275d4dae471f6d6b8d18b96b6e1c08c7ec96734893774593b286f275ed462
SHA512: a4c0229cb0411250b37e46168860981138a104fece6858e28406dc13f2489351747043048f5fa356edc324f5383423eae731849731e5bcf4da664d1233680916
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 3776 wrote to memory of 1256 | 3776 | rundll32.exe | rundll32.exe
PID 3776 wrote to memory of 1256 | 3776 | rundll32.exe | rundll32.exe
PID 3776 wrote to memory of 1256 | 3776 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7507c0a82bb8f35d03f6380842b1c8ba.dll,#1
- Suspicious use of WriteProcessMemory
PID: 3776
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7507c0a82bb8f35d03f6380842b1c8ba.dll,#1
  PID: 1256