Analysis
max time kernel: 120s
max time network: 122s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 04/02/2024, 12:14
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: VirusShare_17cd13a13b7e2aa84aaebff50de0b7f0.dll
Resource: win7-20231129-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: VirusShare_17cd13a13b7e2aa84aaebff50de0b7f0.dll
Resource: win10v2004-20231215-en
5 signatures
150 seconds
General
Target: VirusShare_17cd13a13b7e2aa84aaebff50de0b7f0.dll
Size: 237KB
MD5: 17cd13a13b7e2aa84aaebff50de0b7f0
SHA1: e757b38cc269b335a17b335e5dc3c92f50e4c9bd
SHA256: 3c3e6f727af9d6fcb4f648fa022c7169b4abd265218003af3b533f5b1b40673f
SHA512: 0cb75ed72caee99254597943bf8cd146530d7e0ba6eb031ef84005749b8158645c90c65efe6bca5c6f528e41639b2a9431e86205496df6b57ad1082b688c897b
SSDEEP: 3072:+APpmMoKGWHVER3RIn1dI00JpTAWa6caVViJrPrFrqI9FU2b:+7/FW1d7L6caziJrhhv
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
PID 2928 wrote to memory of 2932 | 2928 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_17cd13a13b7e2aa84aaebff50de0b7f0.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2928
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_17cd13a13b7e2aa84aaebff50de0b7f0.dll,#12
PID: 2932