Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 21-03-2024 16:33
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: dc190e078bbd76c0635b415325d93067.dll
Resource: win7-20240221-en
1 signatures
150 seconds
General
Target: dc190e078bbd76c0635b415325d93067.dll
Size: 172KB
MD5: dc190e078bbd76c0635b415325d93067
SHA1: 061dc1a3c3391563b6cfcfe251077dbc311cd186
SHA256: 5c0219ee2ef3da0d3399d7b85522e5682b1d742548f078804d2bc63063669bf5
SHA512: d8f7c40c8d67d9913152e17bc26d9c70136861b1ab75485a925d091d88b340982983cfb35f2bb8ad35180a0a5e9b7e92ea8e610482a807d2ed289b5fe65c900c
SSDEEP: 1536:NX0vHiJ6zFzUAMAKGe94MCsnn6NyDClbRW9Z/DxfbG+SwVol:6viJgUTAFe94jslDC3+Z/FfFt
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
PID 2856 wrote to memory of 2912 | 2856 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc190e078bbd76c0635b415325d93067.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2856
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc190e078bbd76c0635b415325d93067.dll,#1
      PID: 2912