Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
20-04-2024 02:14
Behavioral task
behavioral1
Sample
64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll
-
Size
899KB
-
MD5
84c14cc427ada7864a0a78ab81dcddd7
-
SHA1
453193b50c393c03cbee36c174c81a37fba14cb3
-
SHA256
64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43
-
SHA512
5997e6250b517795dfee1b11034c8d3d1aa338a1d9077215d2679dfb728e8f6925664942d04bce84a70b86fdd10cf97b50a7647f17009da6d03bb5b4748f976a
-
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXh:7wqd87Vh
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
rundll32.exe
pid | process
2708 | rundll32.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2708 | 2972 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll,#12⤵
- Suspicious behavior: RenamesItself