Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
21/02/2024, 05:33
Static task
static1
Behavioral task
behavioral1
Sample
1a216a0df6231480c8273837380c9e17b35306d1a3fd0bc4f69ecb95df87a8ff.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1a216a0df6231480c8273837380c9e17b35306d1a3fd0bc4f69ecb95df87a8ff.dll
Resource
win10v2004-20240220-en
General
-
Target
1a216a0df6231480c8273837380c9e17b35306d1a3fd0bc4f69ecb95df87a8ff.dll
-
Size
2.2MB
-
MD5
ecf7bd9b22d792f5f203a4b2d7691c58
-
SHA1
c384165120def5b16b53b58e5647318fa6f5eb3c
-
SHA256
1a216a0df6231480c8273837380c9e17b35306d1a3fd0bc4f69ecb95df87a8ff
-
SHA512
896f377868a73833a110f88f221915c5e30e248909244edd846e66d8fb39a7165839b74e6b1afbbe570e1e7773437a84787d8f1bd64e8064be4bb7b125dc4d62
-
SSDEEP
49152:TJd0OM5Fqm/8RgJGYM97tQjFozL19wNa/Wghc:VCOM5eyJDjFKp9JWgm
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2900 wrote to memory of 2948 2900 rundll32.exe 28 PID 2900 wrote to memory of 2948 2900 rundll32.exe 28 PID 2900 wrote to memory of 2948 2900 rundll32.exe 28 PID 2900 wrote to memory of 2948 2900 rundll32.exe 28 PID 2900 wrote to memory of 2948 2900 rundll32.exe 28 PID 2900 wrote to memory of 2948 2900 rundll32.exe 28 PID 2900 wrote to memory of 2948 2900 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1a216a0df6231480c8273837380c9e17b35306d1a3fd0bc4f69ecb95df87a8ff.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1a216a0df6231480c8273837380c9e17b35306d1a3fd0bc4f69ecb95df87a8ff.dll,#12⤵PID:2948
-