Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 23-05-2024 02:23
Static task: static1
Behavioral task: behavioral1
Sample: 775460f3d480fa5392ed9852cdb2692f016c0f8d3e120bafaab968714ed25da9.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 775460f3d480fa5392ed9852cdb2692f016c0f8d3e120bafaab968714ed25da9.dll
Resource: win10v2004-20240426-en
General
Target: 775460f3d480fa5392ed9852cdb2692f016c0f8d3e120bafaab968714ed25da9.dll
Size: 10KB
MD5: 7eeccfb8e308bfa13a79b0ee4e009b50
SHA1: afc51c35801ecc5d1350f6876bf83477ac465f34
SHA256: 775460f3d480fa5392ed9852cdb2692f016c0f8d3e120bafaab968714ed25da9
SHA512: 843f91678db2c9ffd072cd7c2edbeaa36ad2ece758e145aa19c9bc63218c8984737fe5fe1d91b6de54567c51d04be9a3aa8ce186e5b101d32f56ba9cec6f296a
SSDEEP: 3:WlWUqt/vllnl+YZcFTS9gXeF+X32ZpAl9u/ltHXl7tlllBXlF/lp//llrll1ltd2:idqGVg3F+X32Qb6Rl7Wlymmud
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2992 | 3016 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\775460f3d480fa5392ed9852cdb2692f016c0f8d3e120bafaab968714ed25da9.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\775460f3d480fa5392ed9852cdb2692f016c0f8d3e120bafaab968714ed25da9.dll,#12