Analysis
- max time kernel: 152s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
- submitted: 12-10-2023 22:18
Behavioral task
behavioral1
Sample
393487b684583b150f3a88b90f9901b9531ba75f19e2b6290a97d3b83bfa1184_JC.dll
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
393487b684583b150f3a88b90f9901b9531ba75f19e2b6290a97d3b83bfa1184_JC.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
2 signatures
150 seconds
General
- Target: 393487b684583b150f3a88b90f9901b9531ba75f19e2b6290a97d3b83bfa1184_JC.dll
- Size: 899KB
- MD5: 574f2b072dfd1fcbd5bb195668afb8e7
- SHA1: dd6c67e2cb51d3098009a2906664ac349ac212a9
- SHA256: 393487b684583b150f3a88b90f9901b9531ba75f19e2b6290a97d3b83bfa1184
- SHA512: d6e1058282a93fed90aed9b7ea174ae6f5e0764bdbc35254d1d2e4b6ca62a19005819f16296e3af4b3b890ed30bcee3414d7d9091c58b1d48e6e803c4725a011
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXb:7wqd87Vb
Score
1/10
Malware Config
Signatures
- Suspicious behavior: RenamesItself 1 IoCs
  pid | Process
  5084 | rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  description | pid | Process | procid_target
  PID 4536 wrote to memory of 5084 | 4536 | rundll32.exe | 83
  PID 4536 wrote to memory of 5084 | 4536 | rundll32.exe | 83
  PID 4536 wrote to memory of 5084 | 4536 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\393487b684583b150f3a88b90f9901b9531ba75f19e2b6290a97d3b83bfa1184_JC.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\393487b684583b150f3a88b90f9901b9531ba75f19e2b6290a97d3b83bfa1184_JC.dll,#12⤵
  - Suspicious behavior: RenamesItself
  PID:5084