Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
08-03-2024 04:28
Behavioral task
behavioral1
Sample
3580-137-0x00000000024A0000-0x00000000024AE000-memory.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3580-137-0x00000000024A0000-0x00000000024AE000-memory.dll
Resource
win10v2004-20240226-en
1 signatures
150 seconds
General
-
Target
3580-137-0x00000000024A0000-0x00000000024AE000-memory.dll
-
Size
56KB
-
MD5
39db4f55227e87e27f9c5e28957f6923
-
SHA1
cb8ad017b214dca408f5940195438ff5600d5ef1
-
SHA256
1f776629324b0e2ec4ce6d5a252550f74fedd784b2f8412ab6d0228f2db03585
-
SHA512
ae6d2e56806bad8c267590ab38918bf7f4334e8eb681f778f36814a7ea30dafe8a4de1891e427925f386a9b81629276b9fd76f3ffaea119c4a8b396571b04717
-
SSDEEP
768:A2k0DToAPYmMNvwEy6jpY5uMIyfcjlQg6zVjVl55fNIBl/DOg0zBw8:K0DTosYmMbB5zyYlyrlvfNIXDOgMw8
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2072 wrote to memory of 1724 2072 rundll32.exe 28 PID 2072 wrote to memory of 1724 2072 rundll32.exe 28 PID 2072 wrote to memory of 1724 2072 rundll32.exe 28 PID 2072 wrote to memory of 1724 2072 rundll32.exe 28 PID 2072 wrote to memory of 1724 2072 rundll32.exe 28 PID 2072 wrote to memory of 1724 2072 rundll32.exe 28 PID 2072 wrote to memory of 1724 2072 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3580-137-0x00000000024A0000-0x00000000024AE000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2072 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3580-137-0x00000000024A0000-0x00000000024AE000-memory.dll,#12⤵PID:1724
-