Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 17:17
Behavioral task: behavioral1
- Sample: 751205ccbc8f2e63f956cd7e33a66343.dll
- Resource: win7-20231215-en
- Platform: windows7-x64
- 2 signatures
- 150 seconds
General
- Target: 751205ccbc8f2e63f956cd7e33a66343.dll
- Size: 75KB
- MD5: 751205ccbc8f2e63f956cd7e33a66343
- SHA1: 684e0aa6eb4f640e6988b78d81109c6f6066d33e
- SHA256: 55a6b363596907819c886e177390a17cf4c6ae1e0842d408218c878a8b202363
- SHA512: 6a6f0dcb0afa88d9409161f5f782fea6c36bdf74e67e000d695da013e07d698f94c61ff21c13740f1f7111d63ee6336168b881dcb3e96569d4d67ca90ff963b9
- SSDEEP: 1536:n56EgIMIDBhinQkURmPEvQ/Kt5zFYHLAj7p5RcRbBfY:n56BnqBheUR5CKt5pELq7p0Y
Score: 7/10
Malware Config
Signatures
- YARA rule match (1 IoC)
  Processes:
  resource | yara_rule
  behavioral1/memory/1888-0-0x0000000010000000-0x000000001000E000-memory.dmp | upx
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description | pid | process | target process
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
  PID 1928 wrote to memory of 1888 | 1928 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\751205ccbc8f2e63f956cd7e33a66343.dll,#1
  PID: 1928
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\751205ccbc8f2e63f956cd7e33a66343.dll,#1
    PID: 1888