Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 28/02/2024, 07:33
Static task: static1
Behavioral task: behavioral1
Sample: 3ac347265f91027392502bb01df2ebfb1e5deb1ad6e96d5dc26bc31f86547c36.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3ac347265f91027392502bb01df2ebfb1e5deb1ad6e96d5dc26bc31f86547c36.dll
Resource: win10v2004-20240226-en
General
Target: 3ac347265f91027392502bb01df2ebfb1e5deb1ad6e96d5dc26bc31f86547c36.dll
Size: 187KB
MD5: 6a110f2c43299050041bc51962e9ab83
SHA1: 2edb273831a8a1facae023b475d710d8b06c8119
SHA256: 3ac347265f91027392502bb01df2ebfb1e5deb1ad6e96d5dc26bc31f86547c36
SHA512: 5df7709ed15cbca13f9be87130c75c3fc9626e21872c93de81cbc5b03881124695a4f2ec6df75a4ab66d1dba23766e58da07907f063f4f9602fc146aaee985c9
SSDEEP: 3072:qNNHf3nrnZSQBY7zJAW3mOKWa84x6BMyblflFj2lQBV+UdE+rECWp7hK7Q:6f3ZCdTmOK8S6BMyxddBV+UdvrEFp7hl
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2200 | 1720 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ac347265f91027392502bb01df2ebfb1e5deb1ad6e96d5dc26bc31f86547c36.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1720
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ac347265f91027392502bb01df2ebfb1e5deb1ad6e96d5dc26bc31f86547c36.dll,#12
PID: 2200