Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 25-01-2024 17:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
750a1c183ebf56b66ac1f0593937a515.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
- Target: 750a1c183ebf56b66ac1f0593937a515.dll
- Size: 20KB
- MD5: 750a1c183ebf56b66ac1f0593937a515
- SHA1: 593b08a23f9f099fac6c80f447be052c78561de5
- SHA256: 18e2bae40cd44acc5a7418915ffcfe43ab016fb2eeb58d4e9536cd1e994a88f9
- SHA512: 3df36d01db78ceed5f427eb0b301997f7fdcea85bc47e300b5cec237088943d8f187fae403e09b888a21db35c721b524e197ce5c7a353c42f500d0002fccb59e
- SSDEEP: 384:zSG/2Jp+C6QhtmruxCcdIL+0XplTCAu8UaWHuqaTlX0wG:zfYh2oCtpXPTx2OqaewG
Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes: rundll32.exe
  pid    process
  2668   rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                        pid    process        target process
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
  PID 3068 wrote to memory of 2668   3068   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\750a1c183ebf56b66ac1f0593937a515.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3068
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\750a1c183ebf56b66ac1f0593937a515.dll,#1
    - Suspicious behavior: EnumeratesProcesses
    PID: 2668