Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11-05-2024 11:14
Behavioral task: behavioral1
Sample: 61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll
Resource: win7-20240221-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll
Resource: win10v2004-20240426-en
2 signatures
150 seconds
General
Target: 61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll
Size: 160KB
MD5: 4c2ec1df0f31f0979b919c14a0363a35
SHA1: 7ace8d116f29450f7fdd918709fe58e535020efb
SHA256: 61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684
SHA512: aa222babb41da54ea766c2e66500aaa8097a5688b3ccb18fd45035f68a916da1f335e555db4b66a54b00d1f8064a38b777f04910de3bbe96ddf8916b470957f0
SSDEEP: 3072:I02rPPBHaDJRCP5otSUrUXk4bAtcryyYbQ0ngzJKYF5Q:wrPPyJgPuU3bAZFn8F5
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 2308 | 2972 | rundll32.exe | rundll32.exe
Processes
1: C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll,#1
   - Suspicious use of WriteProcessMemory
2: C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\61237d58a67ca3250baf08c968032a8f7e66b0e1126c1e0c8f3c040967da5684.dll,#1