Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
01-07-2024 04:35
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f39944ecd04770457c54f04a1af6bec78538dedd9bb3c27ff4cd4d27e2b60624.dll
Resource
win7-20240508-en
1 signatures
150 seconds
General
-
Target
f39944ecd04770457c54f04a1af6bec78538dedd9bb3c27ff4cd4d27e2b60624.dll
-
Size
730KB
-
MD5
4e60a7e7c3b65d4a732fc1fea72c41a4
-
SHA1
0af1efbbbc9406e90247515bae8b3852e55463f2
-
SHA256
f39944ecd04770457c54f04a1af6bec78538dedd9bb3c27ff4cd4d27e2b60624
-
SHA512
8115cb1ca68bc4f1e37096e936a32f3bbb67f4641fca3e4cdb5729eeb6df6a94467fd1b05c9ed1afe60714ee89947914969fda312f9ddc0aa54962a76cb7385e
-
SSDEEP
12288:ELOF7gC5NRJI7XHgZQKhJgeCmALB49+0VQEYPCMH/V:EKF7JNR2LHgZpJEbLqXYPlHt
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
PID 2240 wrote to memory of 2080 | 2240 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f39944ecd04770457c54f04a1af6bec78538dedd9bb3c27ff4cd4d27e2b60624.dll,#1
- Suspicious use of WriteProcessMemory
-
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f39944ecd04770457c54f04a1af6bec78538dedd9bb3c27ff4cd4d27e2b60624.dll,#1
-
    C:\Users\Admin\AppData\Local\Temp\3266.tmp
    C:\Users\Admin\AppData\Local\Temp\3266.tmp