Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23/04/2024, 02:51
Behavioral task: behavioral1
Sample: b961d99a3ca8dd8559b35fdf8c52a971a0966670567aefc1be1c261dc98beb78.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: b961d99a3ca8dd8559b35fdf8c52a971a0966670567aefc1be1c261dc98beb78.dll
Resource: win10v2004-20240226-en
2 signatures
150 seconds
General
Target: b961d99a3ca8dd8559b35fdf8c52a971a0966670567aefc1be1c261dc98beb78.dll
Size: 899KB
MD5: e6b7bc9e1aa1a0f1d7a1efee354e6145
SHA1: 7661fdbe6005eaffc1d88ce3288210b9b26a852c
SHA256: b961d99a3ca8dd8559b35fdf8c52a971a0966670567aefc1be1c261dc98beb78
SHA512: 63e204f5a79d6a4da0fca59f21824e3e12ece8d9bce96ecf13530a544187e5dff5edbf5bab0be6cc934da6da66f96ce1370ba3c6d3e59b83d08df1bd3c3b2c44
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX7:7wqd87V7
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself 1 IoCs
pid   Process
2152  rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
description                       pid   Process       procid_target
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
PID 2300 wrote to memory of 2152  2300  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b961d99a3ca8dd8559b35fdf8c52a971a0966670567aefc1be1c261dc98beb78.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2300
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b961d99a3ca8dd8559b35fdf8c52a971a0966670567aefc1be1c261dc98beb78.dll,#12
- Suspicious behavior: RenamesItself
PID: 2152