Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 23:02
Static task
static1
Behavioral task
behavioral1
Sample
75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1.dll
Resource
win10v2004-20240508-en
General
-
Target
75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1.dll
-
Size
1.2MB
-
MD5
25b6615e79ec40e50d4458c1ebdc9586
-
SHA1
996f140ce0b59020ab57d44f907a23d7295abf6a
-
SHA256
75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1
-
SHA512
27b129be3c64875a41fc89d159c2a583a43384ee9620b33cfaa1b1902d32afa226233cf7baf4c177d9222720bb112fa73f5d9b196dd5e6b76c8d9f8b479f88d2
-
SSDEEP
12288:CQu2zFIhc6Pw+rtLjPIozmDy5a9TQxFqONaQUWdPzO/MwRxnE5D3xBG:tzFyjPIKm25a9TQxFNaQbPMFRy5S
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
PID 2460 wrote to memory of 2660 2460 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2460 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75066fddbacd6f20fb2cbfd4ff02261996c00492d8f72ed3dde2f8ab619c0eb1.dll,#12⤵
PID:2660
-