Analysis
- max time kernel: 108s
- max time network: 111s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-03-2023 10:28
Behavioral task behavioral1
- Sample: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
- Resource: win7-20230220-en (windows7-x64)
- 1 signatures
- 150 seconds
Behavioral task behavioral2
- Sample: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
- Resource: win10v2004-20230220-en (windows10-2004-x64)
- 1 signatures
- 150 seconds
General
- Target: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
- Size: 3.2MB
- MD5: 04b4e9aab7720236309970a5fb118daf
- SHA1: 8a59571601d254c983bb91ac32f9665ed9528af2
- SHA256: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735
- SHA512: cb3680f41ef37cb8b11dd64fde1562e8e5fccd35f5033ea5b6abc30f4e7ceabe37d6e20feb7015eaed0f18e00edbb8631b72cd5494b3723b6971aca0638003ea
- SSDEEP: 98304:Ov170f+VDHfEIgyIJZzOL8eUN4eFMWH0cNti:Ov170cHcIEZKL04iMKVNc
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1196 wrote to memory of 2372 | 1196 | rundll32.exe | rundll32.exe
PID 1196 wrote to memory of 2372 | 1196 | rundll32.exe | rundll32.exe
PID 1196 wrote to memory of 2372 | 1196 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll,#12