Analysis
max time kernel
159s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
submitted
12/10/2023, 02:36
Static task
static1
Behavioral task
behavioral1
Sample
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll
Resource
win10v2004-20230915-en
General
Target
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll
Size
51KB
MD5
05575ea25eeeef3c5b49a1d6a1496399
SHA1
ca83f5110f8663118b87f2d014ef64ca958879f4
SHA256
3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a
SHA512
5d5ddba279afa1347941f066bc42d3ebd145fb61f220db7abcb16606ba08ecf135e20db7fc6fe0a8e6d9d78ddc6ea8c5db2bc54db0e2d948f0a5f5f221784771
SSDEEP
768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezysAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBdpMC6H
Malware Config
Signatures
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
3088 | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1704 wrote to memory of 3088 | 1704 | rundll32.exe | 86
PID 1704 wrote to memory of 3088 | 1704 | rundll32.exe | 86
PID 1704 wrote to memory of 3088 | 1704 | rundll32.exe | 86
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll,#11
- Suspicious use of WriteProcessMemory
PID:1704
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ec42905dc10d2c17e8850dadae50373d35360264b53f2c52310bfec2f862d7a.dll,#12
- Suspicious behavior: RenamesItself
PID:3088