Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 01:20
Behavioral task: behavioral1
  Sample: 3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll
  Resource: win10v2004-20240426-en
General
Target: 3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll
Size: 572KB
MD5: c6c8ac637b64b7a5013de464d8e32308
SHA1: 5e128ea3f5bb943f6edec3e6e9e42d739652e0f8
SHA256: 3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f
SHA512: 2d19dffa7301f11ccde14c85f9ae88a6fcefad552b84890bfce804c3d61f2eda8efd3ae2a7bbdd015cdec8ff8963a988b14f0dcf4ab9d43782315c35f4f27d6e
SSDEEP: 6144:5uRydcGid80GZydrXAjoiWCFAviiJy59qsfnd9idBWqpivTaZbNbySno/xn8CGGC:5uRyvidfd0oRoueCMlC+/tgr
Malware Config
Signatures
UPX dump on OEP (original entry point) (2 IoCs)
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/2304-2-0x00000000745E0000-0x00000000745F7000-memory.dmp   UPX
  behavioral1/memory/2304-0-0x00000000745D0000-0x00000000745E7000-memory.dmp   UPX
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/2304-2-0x00000000745E0000-0x00000000745F7000-memory.dmp   upx
  behavioral1/memory/2304-0-0x00000000745D0000-0x00000000745E7000-memory.dmp   upx
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
  description                        pid    process        target process
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
  PID 2292 wrote to memory of 2304   2292   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#1