Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 22-05-2024 23:05
Static task: static1
Behavioral task: behavioral1
Sample: 71fe20f4bd0d35b342b6c194ce00f6ad2338b0dd91c35c7668e1dbfb9f63a5da.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 71fe20f4bd0d35b342b6c194ce00f6ad2338b0dd91c35c7668e1dbfb9f63a5da.dll
Resource: win10v2004-20240426-en
General
Target: 71fe20f4bd0d35b342b6c194ce00f6ad2338b0dd91c35c7668e1dbfb9f63a5da.dll
Size: 327KB
MD5: 99711cde20021a0743d9eaadb6c3f033
SHA1: 87902266d7910434481a051432d8f4492f570338
SHA256: 71fe20f4bd0d35b342b6c194ce00f6ad2338b0dd91c35c7668e1dbfb9f63a5da
SHA512: 27291b9380c1ae885d4988c644bd9bd72a9a7eb2329115ea3e5628387718e14874a9237cddddc3a738e8ec17abfd7390258d8b82ac1d3262f8acc733bd4057ba
SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
PID 2392 wrote to memory of 1940 | 2392 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71fe20f4bd0d35b342b6c194ce00f6ad2338b0dd91c35c7668e1dbfb9f63a5da.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71fe20f4bd0d35b342b6c194ce00f6ad2338b0dd91c35c7668e1dbfb9f63a5da.dll,#12