Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 28-06-2024 13:25
Behavioral task: behavioral1
- Sample: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Resource: win7-20240419-en
- 1 signature
- 150 seconds
Behavioral task: behavioral2
- Sample: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Resource: win10v2004-20240508-en
- 1 signature
- 150 seconds
General
- Target: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Size: 13.2MB
- MD5: f4c06995470f34390e9090a2c7a3fc95
- SHA1: a0fe4f9551ebdaa5e7e983e583eefd4a2d0cef92
- SHA256: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251
- SHA512: 7484fb4154cf5eb6715bbe43f020508662d1c244dc02ad662f2f15a8e4fe7f76c5a07b84a7d4de9d43e800ab23c9b5cb6de9d14f57a3365679ebb5603ca5ecce
- SSDEEP: 196608:1b2mHsvktiRxL2FSmXfsCkLZopUrt3iyOAaCxq7sNvD1IaeOZiG6BrKl9i:l2mvgL2zEaa1iyOAlvSxOEGmr
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
  PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll,#12