Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
27-09-2023 18:39
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
458442cb31be688b8cbbc26f4eb55be0_JC.dll
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
General
-
Target
458442cb31be688b8cbbc26f4eb55be0_JC.dll
-
Size
787KB
-
MD5
458442cb31be688b8cbbc26f4eb55be0
-
SHA1
07b72c6e65f871ca44c65117987f74aaaaa0bb1b
-
SHA256
5bd90431dd51f7c357c11acde901bd94262d1c4cdbff4869bf4977a10868bc76
-
SHA512
80b59ba7b46b209a2261da73642692ce309cfb3918dc2a5e3d8aee7d52f1973331a5723835f84c5ed7fd4a91bceabc61774d49115300da85f53e382727ca3ad6
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0KIgXTN:jDgtfRQUHPw06MoV2nwTBlhm8vw
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3720 wrote to memory of 4628 3720 rundll32.exe 85 PID 3720 wrote to memory of 4628 3720 rundll32.exe 85 PID 3720 wrote to memory of 4628 3720 rundll32.exe 85
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\458442cb31be688b8cbbc26f4eb55be0_JC.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3720 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\458442cb31be688b8cbbc26f4eb55be0_JC.dll,#12⤵PID:4628
-