3bca1dcaef4430272b9029c9a4bc8be0d45ecff66e8de8679ed30d8afab00f6f

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 07:24

Target

3bca1dcaef4430272b9029c9a4bc8be0d45ecff66e8de8679ed30d8afab00f6f.dll
Size

956KB
MD5

b28a478eb5b99efcdc7caf428bffb89a
SHA1

d394c7b8fe15753bfbff79fb4f648f6f8bae70f9
SHA256

3bca1dcaef4430272b9029c9a4bc8be0d45ecff66e8de8679ed30d8afab00f6f
SHA512

decb2581f64949bfaaaf0368917f0705d7a4b7392ec272eda025cf06a4384ec4cdd5202081c2e085f00645029dd96bfef262e8628bed1861185adf6281c1cc88
SSDEEP

24576:rs6ZRS5J3ifJvlxfcdaeti7w+0bf0XznPMvPD:Yni8dK9CEMXD

Score

8^/10

Blocklisted process makes network request 3 IoCs

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	api.ipify.org
3	api.ipify.org

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28
PID 2232 wrote to memory of 2952	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bca1dcaef4430272b9029c9a4bc8be0d45ecff66e8de8679ed30d8afab00f6f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bca1dcaef4430272b9029c9a4bc8be0d45ecff66e8de8679ed30d8afab00f6f.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2952

memory/2952-0-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/2952-2-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/2952-4-0x0000000001FD0000-0x0000000002045000-memory.dmp

Filesize
468KB

Download
memory/2952-1-0x0000000002050000-0x00000000020C3000-memory.dmp

Filesize
460KB

Download