Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 23/04/2024, 02:54
Behavioral task
behavioral1
Sample
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
-
Target
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll
-
Size
899KB
-
MD5
94ec58b425c30fac4bd65e3a0fac29a1
-
SHA1
0ed5ffa67adebcf20fab6511e4bdc3ceb21ab619
-
SHA256
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f
-
SHA512
f47bbd4ab172697938cc0d9c1a7ccb390d29e4d7f7ed78d498d86c0d3b33538e3bfe4a94ab6e4fa1f61499ec64dbe7791f52da969de08f52ce072e499b7fccbc
-
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXt:7wqd87Vt
Score
1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid   Process
1620  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
PID 2188 wrote to memory of 1620  2188  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2188
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll,#1
    - Suspicious behavior: RenamesItself
    PID: 1620