Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
20-05-2024 02:00
Behavioral task
behavioral1
Sample
b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll
-
Size
1.9MB
-
MD5
56786421989f712855d73a8e715f3c88
-
SHA1
4903ff46434d72dd43b09696d7f363dc2b611058
-
SHA256
b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376
-
SHA512
c4352944fba38d5e2af5e2a708e23842e972d71a6d76ef8ef6e5b0175752eb05b39e4e383a4bc7766572fead0b6037f20b70e2a86ff06959d26fa93135063df6
-
SSDEEP
49152:nySWhaueq9WjeAk4jQ41GADGAdAOuq5+jDcT:nBWh/euW0krGAD1AVY+e
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
PID 2696 wrote to memory of 2100 | 2696 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll,#12⤵
PID:2100
-