Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 19-03-2024 00:31

Behavioral task: behavioral1
Sample: 15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll
Resource: win10v2004-20240226-en
1 signatures
150 seconds

General
Target: 15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll
Size: 204KB
MD5: 4d8159689d6239f7616ea60f46dbe4e0
SHA1: 19e414ded855998d18a786e0142d600308e21469
SHA256: 15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f
SHA512: d9f632cf521f37e4c87196b1e289bb2b7e555f304bb9cb4e2ac3e32aecd2e108b0632d3fffdb971a6cbfdac4b1d916e64fb5718dc6d24600fac03b96bb4c2f76
SSDEEP: 3072:0/QPFX1eqEfuBNSYuiM8CNj8hFsoMX0ghsJRgCD3iFw9jdUK5l2:0/MEfuN0t8C5oFsoeRM3o0jI
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
  PID 2668 wrote to memory of 2596 | 2668 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15b5072420727887178bcab9a251c0b9af45df135157902ab540215f8f8ab75f.dll,#12