Analysis
max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted
11-05-2024 08:14
Behavioral task
behavioral1
Sample
cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll
Size
160KB
MD5
8b84a58287d60c2b04af308791c22bf8
SHA1
dd2eb9dfa9130f1126b3a8c5c309178ab73b0848
SHA256
cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71
SHA512
2f7f193c2c42cf915e2f83a583668b5f2dbfef40cf4ce47f608a3645b3b597f8d916b01b2d230bd0ccc377b34766daed1903bc029b91351191e865fd258ff3c5
SSDEEP
3072:I02rPPBHaDJRCP5otSUrUXk4bAtcryyYbQ0ngzJKYF5Q:wrPPyJgPuU3bAZFn8F5
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory
7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1288 | 1280 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll,#11
Suspicious use of WriteProcessMemory
PID:1280
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd85b0d19183909df9c280c790932bf18dc63485f7f6022e796b137247ab0c71.dll,#12
PID:1288