Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 21-05-2024 05:32
Behavioral task: behavioral1
Sample: fwsc.dll
Resource: win7-20240221-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: fwsc.dll
Resource: win10v2004-20240508-en
2 signatures
150 seconds
General
Target: fwsc.dll
Size: 13KB
MD5: 9f7c218922b9f7769481318324a3c0b2
SHA1: a1e53b7f364acabf022493c0db1210c99fa1541b
SHA256: f96c1f5a6d0c1713df7a5e329c7dbe8d07628514fb5d8b33d0b1970ae33beb96
SHA512: fa5700ac5af76eb58cc8e6b8399366ce58247dd797ad0af913409a93e626780202144184e2bd1808331da551d3c00dc1e11dc70d109710158d735f95feb4a994
SSDEEP: 192:I/I/OiRQXaGnED1WqIkIE1iY0/Ic1+AMHhoUqkVucA8LBOxx:3/sqGSvPhiYoIcgA9YV+L
Score: 1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (4 IoCs)
pid     Process
1196    rundll32.exe
1196    rundll32.exe
1196    rundll32.exe
1196    rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                         pid     Process         procid_target
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28
PID 2020 wrote to memory of 1196    2020    rundll32.exe    28