Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 09:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
General
-
Target
0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll
-
Size
2.6MB
-
MD5
77fbe5dc0c1e8bb93003b0cb3a7a7544
-
SHA1
b97945d582cb8e69420cafdf13434dcbce14d079
-
SHA256
0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087
-
SHA512
a5f93ca0f356df8ba6febc83ab4f714e98c80d346748843c56910c4f9e46a08f97089b0df2712704b36e3958d3583e4d7107fadcd715279c8ac1c412e29233a4
-
SSDEEP
49152:fUqKbFoZh5ssm4Gn3usX2qQYkVI9KZ1EpXhEQTZ1lsc07PlLxBmZFTbdTmHs:8HbOssvGhX2zLlZg2KNm
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe PID 1036 wrote to memory of 1724 1036 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1036 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3406ff314d9ed77f252005541df6df3b0e779f2ca0b2295c6d9ff5da65e087.dll,#12⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\10E2.tmpC:\Users\Admin\AppData\Local\Temp\10E2.tmp3⤵PID:2612