Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
26-04-2024 08:14
Behavioral task
behavioral1
Sample
d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll
-
Size
50KB
-
MD5
b1d9bc58ea6c52e9698729eb784773c5
-
SHA1
cdf14bea73d3342b8d4b911f0d9ed474d2246a94
-
SHA256
d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60
-
SHA512
6c18e8b319e3afbd90d05038ff885924e80f3e00020e5eed403fa45154ff43132cc6e50ca77f2b1cfb3651d1facd23b8c72d9fbc01e24edf7a7647b3994e9603
-
SSDEEP
1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5RJYH:W5ReWjTrW9rNPgYoDJYH
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
rundll32.exe
pid | process
2156 | rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
PID 2212 wrote to memory of 2156 | 2212 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d28760f334561c94d93c33a7fd60945dda755315a16ed983a08b8d6a4d506a60.dll,#12
- Suspicious behavior: RenamesItself