Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23/04/2024, 02:37
Behavioral task: behavioral1
Sample: 2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll
Resource: win10v2004-20240412-en
2 signatures
150 seconds
General
Target: 2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll
Size: 51KB
MD5: 0df7850634165b0d20c11255f96afc6c
SHA1: 1faf9f41e619285de84534a2bb5fdcf6093f6556
SHA256: 2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f
SHA512: 0946ccee58b6425b8f638e5f58bad5041d89e5ae949f111ea0a4bc293b6697b5192a60842a94286474c27bd60a4590343faa75333d71694704817b9d492ff6e9
SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLxJYH5:1dWubF3n9S91BF3fbo1JYH5
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself 1 IoCs
pid   Process
3028  rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
description                       pid   Process       procid_target
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
PID 1724 wrote to memory of 3028  1724  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1724
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll,#12
- Suspicious behavior: RenamesItself
PID: 3028