Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 30-06-2024 02:38
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll
Resource: win7-20240508-en (windows7-x64)
2 signatures
150 seconds
General
Target: da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll
Size: 786KB
MD5: 483dc51a57754640acf1f3422fdccc10
SHA1: d2e9c7bb879b942be15918e46f61b3fb5f53a22c
SHA256: da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd
SHA512: 4236972ac4788d2bbbbe24b7767a2d5206a92382afd03d2a5f13ae5a5479c9ff1a801f3b277a016c2d119fa6de0a2431c44315654fab6e8b066734e6607d96fb
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0X:jDgtfRQUHPw06MoV2nwTBlhm8P
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
PID 1924 wrote to memory of 1996   1924   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1924
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\da471ab235dad6328e83f935cedf493d38c67c5b0fccb60390cbd2a10d3381fd.dll,#1
    PID:1996