Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25/05/2024, 01:10
Static task
static1
Behavioral task
behavioral1
Sample
99694560682b901638c62251b16c020c3a6c1198cdc49ec3c57239f1d2f4d5d7.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
99694560682b901638c62251b16c020c3a6c1198cdc49ec3c57239f1d2f4d5d7.dll
Resource
win10v2004-20240226-en
General
Target: 99694560682b901638c62251b16c020c3a6c1198cdc49ec3c57239f1d2f4d5d7.dll
Size: 5KB
MD5: fba86f9a8cd8532602d9bbc7cd213e4a
SHA1: 7ec563c2e8db0b1bc9ab17ac215b426507192314
SHA256: 99694560682b901638c62251b16c020c3a6c1198cdc49ec3c57239f1d2f4d5d7
SHA512: 8dcd9b57d992ae1dc7059526bd14869e101313e7a300608a6fb62a6b2c7f969bdcd434863b7b6b046143753e4a2c69f476774c5b44652e97024e0b11640755e3
SSDEEP: 96:nEY2RrF1eqwi4/gFFcU+XbWvKAgbuUl2VU3F5yB/6:EHRh1eppvXbWmuVMXE6
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
PID 1936 wrote to memory of 2036 | 1936 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99694560682b901638c62251b16c020c3a6c1198cdc49ec3c57239f1d2f4d5d7.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1936
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99694560682b901638c62251b16c020c3a6c1198cdc49ec3c57239f1d2f4d5d7.dll,#12⤵
PID:2036