Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 21-05-2024 02:03
Behavioral task
behavioral1
Sample
a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll
Size: 96KB
MD5: d3caf41cdf8142114caa54fff2aba2d5
SHA1: 403295e80286698e64914c9a8730f710a47ee6b7
SHA256: a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418
SHA512: 37b14ea8c491113ca30af9aebd0634b6e926a37ad66c824b7f3b2bdb5eb1b499ff5a05ff56ba2f442c5e703364ad4df4968e387203f52d754223e8238eb177e9
SSDEEP: 1536:YrHXsaP2+XvkbETeDDD2TdbM+l4irK1aK6Cry2rBStd/i:cP2+Xcb5KBrKqEMt
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid    process        target process
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
PID 2880 wrote to memory of 2368   2880   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll,#11
- Suspicious use of WriteProcessMemory
PID:2880
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a22363448325c3870ececd0c79220da9148716db50829cf79501306560f8f418.dll,#12
PID:2368