Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
23/04/2024, 02:40
Behavioral task
behavioral1
Sample
2ec15a707383c724be54410cd7416d598da40bdfcd011bc8840301f5ccb8b714.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2ec15a707383c724be54410cd7416d598da40bdfcd011bc8840301f5ccb8b714.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
-
Target
2ec15a707383c724be54410cd7416d598da40bdfcd011bc8840301f5ccb8b714.dll
-
Size
899KB
-
MD5
71453378ee254fdc83bba373e1555128
-
SHA1
12120d4768ff47017441aedbaf36e2086e232315
-
SHA256
2ec15a707383c724be54410cd7416d598da40bdfcd011bc8840301f5ccb8b714
-
SHA512
36c366e6142e365333a554765e59e0499be432322cbd62b979ec8b26ad1ca8f01a74b76f0ac3147e9dc124588f73b091a06994dc01504b4de2f3f1063dcee02d
-
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXM:7wqd87VM
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2060 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1044 wrote to memory of 2060 1044 rundll32.exe 28 PID 1044 wrote to memory of 2060 1044 rundll32.exe 28 PID 1044 wrote to memory of 2060 1044 rundll32.exe 28 PID 1044 wrote to memory of 2060 1044 rundll32.exe 28 PID 1044 wrote to memory of 2060 1044 rundll32.exe 28 PID 1044 wrote to memory of 2060 1044 rundll32.exe 28 PID 1044 wrote to memory of 2060 1044 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2ec15a707383c724be54410cd7416d598da40bdfcd011bc8840301f5ccb8b714.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1044 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2ec15a707383c724be54410cd7416d598da40bdfcd011bc8840301f5ccb8b714.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:2060
-