Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 05-07-2024 01:21
Behavioral task: behavioral1
Sample: 5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll
Resource: win10v2004-20240704-en
General
Target: 5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll
Size: 108KB
MD5: 22550198c3cf0137adab338814227034
SHA1: 44f094f6e7e45e9a8ee6f9b50b4eff45b0da9643
SHA256: 5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18
SHA512: 38e853229ab7ca32c421d278a714415a61c403856df71197857088a918e1468b37844603578ba8ecb87ccfff1a6fbbfc9eb7ca1ab1631f828840fa2b4c40f7b3
SSDEEP: 1536:Z0phaPh6KMG2KCB+Cyn1mz2FrTG8+2olmnlguqiPltGcWAKt3sd2NX:CzvU11OkJ1XWAKt3sgN
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: rundll32.exe
pid     process
2456    rundll32.exe
2456    rundll32.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description                         pid     process         target process
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
PID 2228 wrote to memory of 2456    2228    rundll32.exe    rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fb00fcc717dee09a19cf0ad86fa0bc2c8c0cdb4a33643bba4856f2e5d3fbd18.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses