Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 24/04/2024, 00:21
Behavioral task
behavioral1
Sample
f8d2b5f5139f91231a9df195c80fe012d38e69f750762374941b9b467aebecdd.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
f8d2b5f5139f91231a9df195c80fe012d38e69f750762374941b9b467aebecdd.dll
Resource
win10v2004-20240412-en
3 signatures
150 seconds
General
- Target: f8d2b5f5139f91231a9df195c80fe012d38e69f750762374941b9b467aebecdd.dll
- Size: 899KB
- MD5: 52ddc5bcd80978e43aa4c3bc06755481
- SHA1: 355beac465115c9896af51f03ada02d533504946
- SHA256: f8d2b5f5139f91231a9df195c80fe012d38e69f750762374941b9b467aebecdd
- SHA512: 865aca90ce09f9c9ac8d0f47186ac0f21763213f28cbe536d82689af474ac9bf6326c1a01f77d2e53fe002b679dd19e3e856d8ea837830215ee24ba724d59eaa
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXB:7wqd87VB
Score
1/10
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1716  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
  PID 1228 wrote to memory of 1716  1228  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8d2b5f5139f91231a9df195c80fe012d38e69f750762374941b9b467aebecdd.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8d2b5f5139f91231a9df195c80fe012d38e69f750762374941b9b467aebecdd.dll,#12
  - Suspicious behavior: RenamesItself
  PID:1716