Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 22/04/2024, 23:55
Static task: static1
Behavioral task: behavioral1
Sample: 7a389928001adbdea5d3bdc849f0536ba6d66a57088672fde59d67a3f53d7ab6.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7a389928001adbdea5d3bdc849f0536ba6d66a57088672fde59d67a3f53d7ab6.dll
Resource: win10v2004-20240412-en
General
Target: 7a389928001adbdea5d3bdc849f0536ba6d66a57088672fde59d67a3f53d7ab6.dll
Size: 5KB
MD5: 9e5f167108d543214d7d9dfba4bc5687
SHA1: 5bfd948458404bd4627cbf6a55a60825c9b5d288
SHA256: 7a389928001adbdea5d3bdc849f0536ba6d66a57088672fde59d67a3f53d7ab6
SHA512: 08a61c2cd7cc51799ecdc1bc1fe7f2117cf46c49a62daed7d8d0cfea48db23962f6a8cfb9007217a32be2a9452ad7168dafb7d1862fa31d847fbb80680ee6033
SSDEEP: 96:nEY2RrF1eqwi4YM+vG74yN+uu3IdiAU4MuNw+U1LWpGDB8F4aBAtdOdf:EHRh1eppY1vTrsRUPGtuj5a2LON
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
PID 1152 wrote to memory of 1772 | 1152 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a389928001adbdea5d3bdc849f0536ba6d66a57088672fde59d67a3f53d7ab6.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1152
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a389928001adbdea5d3bdc849f0536ba6d66a57088672fde59d67a3f53d7ab6.dll,#1
    PID: 1772