Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 22-05-2024 20:35
Static task: static1
Behavioral task: behavioral1
Sample: 356b5fc3f9f175eac8390ace59bd731c18c9b86b7d656a0985caecd6865e9f7b.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 356b5fc3f9f175eac8390ace59bd731c18c9b86b7d656a0985caecd6865e9f7b.dll
Resource: win10v2004-20240508-en
General
Target: 356b5fc3f9f175eac8390ace59bd731c18c9b86b7d656a0985caecd6865e9f7b.dll
Size: 59KB
MD5: a6efec55fbd8408b816dcefe443bde60
SHA1: 3c3b4704c55540468ce4b1b9a7299f50e6104a47
SHA256: 356b5fc3f9f175eac8390ace59bd731c18c9b86b7d656a0985caecd6865e9f7b
SHA512: d4a6b1a7d4a7278be9e8763081e94d3a1fcb4b3244d79f6ea3e037ac37310ca06ca11a40d141f8e0b39cd42563fab4ca8c6b5bcbca4813c6592d48b876a3d106
SSDEEP: 768:vAAp38DU1c60iaOIiQClgwrsu6rF7/Xutv8RwkXd94c6B3tH++vuARr:xz0iSaDru7/+PeBar
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
PID 2224 wrote to memory of 2228 | 2224 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\356b5fc3f9f175eac8390ace59bd731c18c9b86b7d656a0985caecd6865e9f7b.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\356b5fc3f9f175eac8390ace59bd731c18c9b86b7d656a0985caecd6865e9f7b.dll,#1