Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
24-04-2024 23:17
Behavioral task
behavioral1
Sample
e51f453b30ef9fbdeb4224a9735cd18937062107f6ff1b2189b7eb26e3f77453.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
e51f453b30ef9fbdeb4224a9735cd18937062107f6ff1b2189b7eb26e3f77453.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
e51f453b30ef9fbdeb4224a9735cd18937062107f6ff1b2189b7eb26e3f77453.dll
-
Size
899KB
-
MD5
13ac561ba4adffceb4c80944d2f5b1ed
-
SHA1
62fc07f60f8e6b5cf83ec61df837a9ae8ed60bd2
-
SHA256
e51f453b30ef9fbdeb4224a9735cd18937062107f6ff1b2189b7eb26e3f77453
-
SHA512
fd0cba120208f9207dee3f3f020f334402c938915d9d470e9eb85eda59bc0a9a5ead625fde397995ab7ef9884bc777cea97fab5ce82c250bfa1fb7c41ea7004f
-
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXw:7wqd87Vw
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
rundll32.exe
pid   process
2268  rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
PID 3056 wrote to memory of 2268  3056  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e51f453b30ef9fbdeb4224a9735cd18937062107f6ff1b2189b7eb26e3f77453.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e51f453b30ef9fbdeb4224a9735cd18937062107f6ff1b2189b7eb26e3f77453.dll,#1
- Suspicious behavior: RenamesItself