Analysis
max time kernel: 53s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-06-2023 21:59
Behavioral task: behavioral1
Sample: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Resource: win7-20230621-en, windows7-x64
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Resource: win10v2004-20230621-en, windows10-2004-x64
1 signatures, 150 seconds
General
Target: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Size: 831KB
MD5: 30ce41719a73809302d8dd6e9bb0c24c
SHA1: 705191371aeb7180dfe497732900bfd8ccb69b65
SHA256: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9
SHA512: 7befcefc3fccc947c7ddecdff15d3a1cfe8330441e99b9b76c273cdd72a284011157c00a1b9b45ba6f65e03bb07927fcd41bf81c7a86c46ad100a8f6ec47dca6
SSDEEP: 24576:WxIMqwpB35MKFvQCa04XHaBWBxR7txDcPjBx:uFNpBpMKFvQCR4X6BWBx
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 816 wrote to memory of 4356 | 816 | rundll32.exe | rundll32.exe
PID 816 wrote to memory of 4356 | 816 | rundll32.exe | rundll32.exe
PID 816 wrote to memory of 4356 | 816 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll,#1