Analysis

max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 02:20
Static task: static1

Behavioral task: behavioral1
  Sample: b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll
  Resource: win10v2004-20240426-en
General

Target: b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll
Size: 327KB
MD5: baa150fd3eb9c5f670820f51a40c3453
SHA1: 55682b4b83a81c0c62ad4e4eba2d5759897f84c1
SHA256: b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb
SHA512: d24d2e56413482ae7baf984c96ca50e7105d1e1034938fdc0e32b8a3ab519fbfd4f2dfc607f226d98c1daeb357c6f96cd4b90a4942fa3d54bf2cc22a9d84bc63
SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config

(none extracted)

Signatures

Suspicious use of WriteProcessMemory (7 IoCs)

Processes:
  description                            pid   process       target process
  PID 2980 wrote to memory of 2976       2980  rundll32.exe  rundll32.exe
  (the same entry is recorded 7 times)
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll,#1
   PID: 2980
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 2980)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b993497fa08d27981ad4ee132602909fbdea02d34ced72b873776df61093d7fb.dll,#1
      PID: 2976