Analysis
- max time kernel: 121s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 22-05-2024 23:02
Static task: static1
Behavioral task: behavioral1
- Sample: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll
- Resource: win10v2004-20240426-en
General
- Target: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll
- Size: 915KB
- MD5: de150ae2b803cbfc2661a7d1ce879fb0
- SHA1: 0f041e66193e8b183cd98429144d3bc6cc721172
- SHA256: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d
- SHA512: b1169d90f88bca31e4963a3ffdc170b8f4d269f4ac880c7f6fa5058890da135ed0eedd2a1f38868375b53b83e836969db4e69af4e01e785837bdd1de0b648586
- SSDEEP: 12288:glQfY6JhF47ckeaHP1297QxL4l648PW7hl4pR3ObqzHjEnDWSy9vf4yF:4EJTa098R4WPW7rSEyJ4Y
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3028 wrote to memory of 2228 | 3028 | rundll32.exe | rundll32.exe
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll,#12