Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
04-06-2024 05:04
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f3b3b33d4450e130838dd3248e4bd71cc1ac68b3576704b476ef63d092b3ea74.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
General
-
Target
f3b3b33d4450e130838dd3248e4bd71cc1ac68b3576704b476ef63d092b3ea74.dll
-
Size
1.0MB
-
MD5
ce6f0a991d30a2c05bb5b2a3f7d7e8f3
-
SHA1
1e46492dfef8032cab5c78178113113d61d14ee7
-
SHA256
f3b3b33d4450e130838dd3248e4bd71cc1ac68b3576704b476ef63d092b3ea74
-
SHA512
7e10fca01de13aa3dee8d6bf42ecf9e4a95f9dc79910c5fd923b563b3b9a4c01edcb276cac8d0068b1974ae6b64fc72af7194252be61089db6584b71eaeddc61
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYq:o6RI1Fo/wT3cJYYYYYYYYYYYYq
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2660 wrote to memory of 2832 2660 rundll32.exe 28 PID 2660 wrote to memory of 2832 2660 rundll32.exe 28 PID 2660 wrote to memory of 2832 2660 rundll32.exe 28 PID 2660 wrote to memory of 2832 2660 rundll32.exe 28 PID 2660 wrote to memory of 2832 2660 rundll32.exe 28 PID 2660 wrote to memory of 2832 2660 rundll32.exe 28 PID 2660 wrote to memory of 2832 2660 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f3b3b33d4450e130838dd3248e4bd71cc1ac68b3576704b476ef63d092b3ea74.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2660 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f3b3b33d4450e130838dd3248e4bd71cc1ac68b3576704b476ef63d092b3ea74.dll,#12⤵PID:2832
-