Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 13/07/2024, 02:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
361e57190f648d8b4f22616588d75150N.dll
Resource
win7-20240705-en
1 signatures
120 seconds
Behavioral task
behavioral2
Sample
361e57190f648d8b4f22616588d75150N.dll
Resource
win10v2004-20240709-en
1 signatures
120 seconds
General
Target: 361e57190f648d8b4f22616588d75150N.dll
Size: 5KB
MD5: 361e57190f648d8b4f22616588d75150
SHA1: 6ba4b9c455a0e95cfd9edf634cb8ff0131a35fbc
SHA256: 29d2f27ad45c7763c6d4362acd2f10c02d04b69c132695025498e0a028dacb11
SHA512: 7666f1be7bb940f26810f0ea267bf481b7abaa6835d28eeb40e99b74ec45bca87462c3996d95bcb291517f781175c698aa5f577de08c2f13e79ce8655179fdfd
SSDEEP: 96:hy859x0P8MaVsDEMkFzWSFhrGidiJs8XhrKrB8:F5oLdDEM8W+LWs8RrGB
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
PID 2452 wrote to memory of 2128 | 2452 | rundll32.exe | 31
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\361e57190f648d8b4f22616588d75150N.dll,#11
- Suspicious use of WriteProcessMemory
PID:2452
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\361e57190f648d8b4f22616588d75150N.dll,#12
PID:2128