Analysis
max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/08/2023, 21:34
Behavioral task: behavioral1
Sample: dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll
Resource: win7-20230712-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll
Resource: win10v2004-20230703-en
2 signatures
150 seconds
General
Target: dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll
Size: 899KB
MD5: 29cf1bb1651aa6491be47817c95695ef
SHA1: c82a4b3ef680298933ea470d51c78ff5971ae721
SHA256: dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5
SHA512: a304a0afdffc884360be6f94f63dc07015ed786480b11019446fd96223a5a0f046cd8b885e3ae31d61a9606d52b09cf46cc0c366fc595a148cf051e273102d27
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXU:7wqd87VU
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
3140 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1936 wrote to memory of 3140 | 1936 | rundll32.exe | 81
PID 1936 wrote to memory of 3140 | 1936 | rundll32.exe | 81
PID 1936 wrote to memory of 3140 | 1936 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1936
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd926d7d8028b69155110940cbb5263c65763e4ceed727e0c401a731b09ee5d5.dll,#12
- Suspicious behavior: RenamesItself
PID: 3140