Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted: 15-05-2024 22:12
Static task: static1

Behavioral task: behavioral1
Sample: 55ec70be2215a22b639b5cdc07f3bf8b71354c72b9edbc9a7a76907cf69352f7.dll
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 55ec70be2215a22b639b5cdc07f3bf8b71354c72b9edbc9a7a76907cf69352f7.dll
Resource: win10v2004-20240426-en
General
Target: 55ec70be2215a22b639b5cdc07f3bf8b71354c72b9edbc9a7a76907cf69352f7.dll
Size: 81KB
MD5: c9f3c5ea278dadcd1f19f4d986e2a28c
SHA1: d603c3453c74fb1d84b5dd03243513c1951e3386
SHA256: 55ec70be2215a22b639b5cdc07f3bf8b71354c72b9edbc9a7a76907cf69352f7
SHA512: 5317ee9483ea5b37287b55f4a860d1840f24957cca0dc9e6d6b6c80795aa5538a879aa926e14e4cf32c56446ca4e777cae3e4417001f6c82db89cbcbe60ea649
SSDEEP: 1536:XtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8WY:X4v4JKXTx71w0ArSsXF3enq8WY
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
PID 1844 wrote to memory of 1624 | 1844 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55ec70be2215a22b639b5cdc07f3bf8b71354c72b9edbc9a7a76907cf69352f7.dll,#1
  Suspicious use of WriteProcessMemory
  PID:1844
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\55ec70be2215a22b639b5cdc07f3bf8b71354c72b9edbc9a7a76907cf69352f7.dll,#1
    PID:1624