Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 15-05-2024 01:01
Behavioral task
behavioral1
Sample
0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa.dll
Resource
win10v2004-20240508-en
General
Target: 0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa.dll
Size: 284KB
MD5: 3af6027d8bc971d8d6892010cbd28687
SHA1: 3ce1aa65c5e8935bcfa66ae550e410153f690b35
SHA256: 0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa
SHA512: e6589fe57a6068ac2fa9ca2b8169295f854f2abdd3809a3369c306e603e78a9641706fefc9947d2125d43742c7161383860f0ca61f3f91a878e3f2ca5e848ff0
SSDEEP: 6144:YQ6PpOjD5gP+GGFqCl8VabJO2NRPS1AnWlnrE/HFuilU2pnd1hPWnU0f79u2tghz:6OjDmFA8uEe42lhMMw
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
PID 1936 wrote to memory of 320 | 1936 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa.dll,#1