Analysis
- max time kernel: 120s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 23-05-2024 18:22
Static task: static1
Behavioral task: behavioral1
- Sample: 07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll
- Resource: win10v2004-20240508-en
General
- Target: 07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll
- Size: 327KB
- MD5: 66fe98121562d60b8026cb14deecfcc9
- SHA1: 540d3b58ce6db5de20ef38d1db54cb3dc3e3f21c
- SHA256: 07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8
- SHA512: fdebbcfcfa998bd6a56f07ff98b409a1d0c29ae8a2ac56c5b189f5975b4b079ef0ac32d4621caa3bb23d3c294861b2f603c6b4c6b2c8f954f66c88c49f983390
- SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 2668 | 1988 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll,#1