Analysis
max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
12-02-2024 18:33
Static task
static1
Behavioral task
behavioral1
Sample
fe62d5e70cbe80e7ae8d2ee6304873bed95d783f3daa102be71da8d85f4d82a3.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
fe62d5e70cbe80e7ae8d2ee6304873bed95d783f3daa102be71da8d85f4d82a3.dll
Resource
win10v2004-20231222-en
General
Target
fe62d5e70cbe80e7ae8d2ee6304873bed95d783f3daa102be71da8d85f4d82a3.dll
Size
2.2MB
MD5
bcc833b5c9855b8d3e62b378f0ff8035
SHA1
2fc6c85eb0a4307ee078ef4da0c75f7116976d4c
SHA256
fe62d5e70cbe80e7ae8d2ee6304873bed95d783f3daa102be71da8d85f4d82a3
SHA512
9adf466b540c90ed580934df9fa08b57b57b2f5c3188cd295f851e5e9bfe4bbbb4800057c7fed4ffc60ff9c4edf88b0e2f86347fe2e8df735c68df2b6cb6a07a
SSDEEP
49152:TJd0OM5Fym/8zgJ3YM97tQjFozL19wNa/WgV:VCOM568J2jFKp9JWgV
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
PID 2016 wrote to memory of 1640 | 2016 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe62d5e70cbe80e7ae8d2ee6304873bed95d783f3daa102be71da8d85f4d82a3.dll,#11
Suspicious use of WriteProcessMemory
PID:2016
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe62d5e70cbe80e7ae8d2ee6304873bed95d783f3daa102be71da8d85f4d82a3.dll,#12
PID:1640