Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 18:21
Behavioral task
behavioral1
Sample
07abd2068a5da1d6e3a8746322be4a62d6de2a84d0972fba2c8c542827f320a4.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
07abd2068a5da1d6e3a8746322be4a62d6de2a84d0972fba2c8c542827f320a4.dll
Resource
win10v2004-20240426-en
General
-
Target
07abd2068a5da1d6e3a8746322be4a62d6de2a84d0972fba2c8c542827f320a4.dll
-
Size
3.6MB
-
MD5
effb28ed3ca1e6bec003e76ebdc0c0b9
-
SHA1
5df67bfb00572b5bd625787b4b2cf84c2777af3e
-
SHA256
07abd2068a5da1d6e3a8746322be4a62d6de2a84d0972fba2c8c542827f320a4
-
SHA512
69cbbe278db8d420cac1f4b2d3060b026eb51aa4c35a8fb1ec1156e7de7fd3be37b4ab73b57aa97a596fbf197196143566ca665f4ae22eca1f4e3be717d6e6e1
-
SSDEEP
49152:vl1SNZcDCNmtVyTLREC8qtF516oWE9eixQccAN61Wo+gO61Wo+geRv361Wo+gXSn:iEC8A716om0bQZ0BqIWJ
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe PID 2252 wrote to memory of 2652 2252 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\07abd2068a5da1d6e3a8746322be4a62d6de2a84d0972fba2c8c542827f320a4.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\07abd2068a5da1d6e3a8746322be4a62d6de2a84d0972fba2c8c542827f320a4.dll,#12⤵