Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 01:49
Static task: static1
Behavioral task: behavioral1
  Sample: ad4ee1ecbe30186efdb87d1e0e51b42929affe02af0d16c5bd1077f92500c3b1.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ad4ee1ecbe30186efdb87d1e0e51b42929affe02af0d16c5bd1077f92500c3b1.dll
  Resource: win10v2004-20240508-en
General
Target: ad4ee1ecbe30186efdb87d1e0e51b42929affe02af0d16c5bd1077f92500c3b1.dll
Size: 5KB
MD5: f3cc154bbad3fc748a1e37d4e909e9e2
SHA1: 1ec90451c27a16c08b1c37ade9881ea0ff2681f5
SHA256: ad4ee1ecbe30186efdb87d1e0e51b42929affe02af0d16c5bd1077f92500c3b1
SHA512: 06d5a2f620854b646bd134f1c59a194f0478bd96e692047f4a85967982d5fcdcf5f52c7c5385812bca302e5171e17725e09eb688e14a246b22a8aaadf0b47f0a
SSDEEP: 96:hy859x0P8Ma+C4+T/7z1bDamgraWfVOyfNqGkzyzVR:F5oLBC4+T/7zl+mgzfNqGxR
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
PID 1300 wrote to memory of 1720 | 1300 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad4ee1ecbe30186efdb87d1e0e51b42929affe02af0d16c5bd1077f92500c3b1.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1300
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad4ee1ecbe30186efdb87d1e0e51b42929affe02af0d16c5bd1077f92500c3b1.dll,#1
    PID: 1720