Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 23-05-2024 02:26
Static task: static1
Behavioral task: behavioral1
- Sample: bc151967630a01d745fc5c1e9009d2484b523df4fa5c14fd43a3395031e3c934.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: bc151967630a01d745fc5c1e9009d2484b523df4fa5c14fd43a3395031e3c934.dll
- Resource: win10v2004-20240508-en
General
- Target: bc151967630a01d745fc5c1e9009d2484b523df4fa5c14fd43a3395031e3c934.dll
- Size: 81KB
- MD5: 40bfca4c474a346386b459d171a02657
- SHA1: 8763a2931292d8097571773f6de9dcc4deaac497
- SHA256: bc151967630a01d745fc5c1e9009d2484b523df4fa5c14fd43a3395031e3c934
- SHA512: 2ce057cb0bc33500c1b9ab8b38e6b053a04708a405728e4d1af1d131ed2814b5ac13f5c5b70ccef081b9071e3e174c9b80d4e36f3bdfc646100c498249c6cbd1
- SSDEEP: 1536:mtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wv:m4v4JKXTx71w0ArSsXF3enq8Wv
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1992 | 1668 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc151967630a01d745fc5c1e9009d2484b523df4fa5c14fd43a3395031e3c934.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc151967630a01d745fc5c1e9009d2484b523df4fa5c14fd43a3395031e3c934.dll,#12