Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 15-04-2024 21:11
Static task
static1
Behavioral task
behavioral1
Sample
d0687f47a1b2b1b9cf568a53f22e4af40bb2dbec2eb1fe7e1a4d576a0b4dd441.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d0687f47a1b2b1b9cf568a53f22e4af40bb2dbec2eb1fe7e1a4d576a0b4dd441.dll
Resource
win10v2004-20240412-en
General
Target: d0687f47a1b2b1b9cf568a53f22e4af40bb2dbec2eb1fe7e1a4d576a0b4dd441.dll
Size: 385KB
MD5: 64a5bc21363a40a640c5c6ded9e88a77
SHA1: 9a386da54971628fa7746494e4f5d103e60304e5
SHA256: d0687f47a1b2b1b9cf568a53f22e4af40bb2dbec2eb1fe7e1a4d576a0b4dd441
SHA512: 84b0196443ac8825bdd5d6bb3e5a0a638d39c6b72318cbb3a3dc0a3dee0833f9fab6a2e12003fc488e5df0aaba88c25e58083c960c42229c0113e540656c4c01
SSDEEP: 3072:2OXYdgV+doY5P7Z1SGhHcKpknnhBPogsDAUEXfMu9py4JZ9q91:2Ood7/SuGhBPnsEUofhPq91
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
PID 2236 wrote to memory of 2232 | 2236 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0687f47a1b2b1b9cf568a53f22e4af40bb2dbec2eb1fe7e1a4d576a0b4dd441.dll,#11
- Suspicious use of WriteProcessMemory
PID:2236
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0687f47a1b2b1b9cf568a53f22e4af40bb2dbec2eb1fe7e1a4d576a0b4dd441.dll,#12
PID:2232