Analysis
max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
submitted
23-05-2024 02:33
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll
Size
3KB
MD5
7652063c28f6e13da6548585482016a3
SHA1
5d482f57df06d69eed1d0a07e287de7632038602
SHA256
bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229
SHA512
21a82f16147974212abbae7c90de5cadee62b75346a928115ed4dc986ec35ef2fb55e84d02997a0da588324eb5292c4dda599ddf6463db7ef8b0e7db71d1f2a7
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
PID 1992 wrote to memory of 2072 | 1992 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll,#1