Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-06-2023 19:32
Behavioral task: behavioral1
Sample: 01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576.dll
Resource: win7-20230220-en, windows7-x64
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576.dll
Resource: win10v2004-20230220-en, windows10-2004-x64
1 signatures, 150 seconds
General
Target: 01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576.dll
Size: 216KB
MD5: d3689524213e74b4de17966569993618
SHA1: 69c668f4232d32c62af6232b4ac77fa8e46225fb
SHA256: 01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576
SHA512: b8944b2b92d6293486827761a77ae89f34ac44864c320b6520cfd5857184ea5414bd1c86d5969abeaf5f099c46ba6a68264db35271319b528cd880b73d00503d
SSDEEP: 3072:PH/Vf+hk0Df0C1HasXPiw+EQ2XwpOAS6qap/OEt81UXp:PH/VWhk6v16hEjXwpOA3qH0
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                          pid   process        target process
PID 436 wrote to memory of 4608      436   rundll32.exe   rundll32.exe
PID 436 wrote to memory of 4608      436   rundll32.exe   rundll32.exe
PID 436 wrote to memory of 4608      436   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\01fe5970d12953b33f535d5e20b19028a94c99857313ca797ddcc2c8ab17d576.dll,#1