Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 12-02-2024 18:32
Static task: static1
Behavioral task: behavioral1
Sample: 2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll
Resource: win10v2004-20231215-en
General
Target: 2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll
Size: 1.3MB
MD5: c6d657e451dc7a6eb4b0ef09cb579f96
SHA1: c95888a9298c6537171e0803dc21fb52ec782a76
SHA256: 2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0
SHA512: 86eb4bd01e72a9e0963cc04a9d8344b94c87b0ce2bfe2353346c6a6423ad016e016c6cf9025155390612d48cad778bd26d37d60a6b7b6ba2e00ff3c194c13dbf
SSDEEP: 24576:XRT0EtXhsXDLgQsSulh2Z6ytyFJpckYatFaC4sg2FceB91amcH32+6bKstESrEHu:hYEXsX9clsZQplrdg2yeZFcH3+tEA
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
PID 2236 wrote to memory of 1276   2236   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll,#11⤵
Suspicious use of WriteProcessMemory
PID: 2236
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f0699dbaed3b7ad48000091a80116329e8db1c3be6c1647615f9770e9caccc0.dll,#12⤵
PID: 1276