Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
22-05-2024 20:36
Static task
static1
Behavioral task
behavioral1
Sample
35acbf1a12cb01254ddfe0ffc249fd4068a76497fc31f158bb81c2060d2144af.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
35acbf1a12cb01254ddfe0ffc249fd4068a76497fc31f158bb81c2060d2144af.dll
Resource
win10v2004-20240508-en
General
-
Target
35acbf1a12cb01254ddfe0ffc249fd4068a76497fc31f158bb81c2060d2144af.dll
-
Size
81KB
-
MD5
c9472b8aa1e01e7f1e747a81cc862330
-
SHA1
245f6419658b9ae399d3838917e120ffedec628d
-
SHA256
35acbf1a12cb01254ddfe0ffc249fd4068a76497fc31f158bb81c2060d2144af
-
SHA512
e06b3c8c869fe2ec3601a33310f8f302b99bb926f453a47b5392a5f062196c56290c682b7ba17d96939a9ed617382d2cb08fb76f315f986347f62a1d0dc8e623
-
SSDEEP
1536:ktByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wy:k4v4JKXTx71w0ArSsXF3enq8Wy
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
PID 2372 wrote to memory of 808 | 2372 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35acbf1a12cb01254ddfe0ffc249fd4068a76497fc31f158bb81c2060d2144af.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35acbf1a12cb01254ddfe0ffc249fd4068a76497fc31f158bb81c2060d2144af.dll,#12