Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18-04-2024 00:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9f5b4f476d85d0c7b3588082e8e84382f0376b04fbe12c619914112a0f609c4e.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
General
Target: 9f5b4f476d85d0c7b3588082e8e84382f0376b04fbe12c619914112a0f609c4e.dll
Size: 669KB
MD5: ee3713ddeeed1b8bc08570f135790359
SHA1: 9e820ed3e4fe86f15cb78a2bf1be0ab37644aef3
SHA256: 9f5b4f476d85d0c7b3588082e8e84382f0376b04fbe12c619914112a0f609c4e
SHA512: 073a4c1557a0b52f0c98461691f739a31e4f77a8b764ad5ef150edcdd26eacae63ec01f5b89ea6d7620b858495149c05ea7cad5472638d0bac1225a56ba06785
SSDEEP: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYo:o6RI1Fo/wT3cJYYYYYYYYYYYYo
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                         pid    Process        procid_target
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
PID 2320 wrote to memory of 2084    2320   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f5b4f476d85d0c7b3588082e8e84382f0376b04fbe12c619914112a0f609c4e.dll,#1
- Suspicious use of WriteProcessMemory
PID:2320
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f5b4f476d85d0c7b3588082e8e84382f0376b04fbe12c619914112a0f609c4e.dll,#1
PID:2084