Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 23/04/2024, 02:24
Behavioral task: behavioral1
- Sample: b174d3a954d9acd730dbf6f472fd0b4033de2bd964b701abab3507fae637d55b.dll
- Resource: win7-20240215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: b174d3a954d9acd730dbf6f472fd0b4033de2bd964b701abab3507fae637d55b.dll
- Resource: win10v2004-20240412-en
- 2 signatures
- 150 seconds
General
- Target: b174d3a954d9acd730dbf6f472fd0b4033de2bd964b701abab3507fae637d55b.dll
- Size: 899KB
- MD5: 4a61f73a7faca57a57d183a51ab9f9f4
- SHA1: 707abccbce3da5b06cb8fc4e590e9c0559505c5e
- SHA256: b174d3a954d9acd730dbf6f472fd0b4033de2bd964b701abab3507fae637d55b
- SHA512: 714a5abbf6c03c361e2cf8f5da35142258296cf77743793fe9dbba877e54d9b45d8c710499bb6639a27068a7a6ad1aaec865030615db846d6d251a9d77231364
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXx:7wqd87Vx
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  1920 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
  PID 1600 wrote to memory of 1920 | 1600 | rundll32.exe | 28
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b174d3a954d9acd730dbf6f472fd0b4033de2bd964b701abab3507fae637d55b.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 1600
2. C:\Windows\SysWOW64\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b174d3a954d9acd730dbf6f472fd0b4033de2bd964b701abab3507fae637d55b.dll,#1
   - Suspicious behavior: RenamesItself
   PID: 1920