Analysis
- max time kernel: 214s
- max time network: 242s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-10-2023 04:11
Static task
- static1
  - 1 signatures

Behavioral task
- behavioral1
  - Sample: ed15379ed0c9f2e2cc0c105fc8f08896.dll
  - Resource: win7-20230831-en
  - windows7-x64
  - 1 signatures
  - 150 seconds

Behavioral task
- behavioral2
  - Sample: ed15379ed0c9f2e2cc0c105fc8f08896.dll
  - Resource: win10v2004-20230915-en
  - windows10-2004-x64
  - 1 signatures
  - 150 seconds
General
- Target: ed15379ed0c9f2e2cc0c105fc8f08896.dll
- Size: 102KB
- MD5: ed15379ed0c9f2e2cc0c105fc8f08896
- SHA1: eb19214f7242ffa308fb1366f619a6293ab5c2e9
- SHA256: 1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3
- SHA512: 9c3563fc4f16b124053d21937aabb0be32deda3c673ea04505df662d972352b62ea7488f3d0177d8cc868e9cdda49b298db6ac589a71799025f8bcedd5e70fcd
- SSDEEP: 3072:+rU7xUICZ+FOIm2Kosm72uQR6wQr77xUZYNS60Z:uEFhgYsS2uQRevNS60Z
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
|---|---|---|---|
| PID 4852 wrote to memory of 4816 | 4852 | rundll32.exe | rundll32.exe |
| PID 4852 wrote to memory of 4816 | 4852 | rundll32.exe | rundll32.exe |
| PID 4852 wrote to memory of 4816 | 4852 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed15379ed0c9f2e2cc0c105fc8f08896.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  - PID:4852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed15379ed0c9f2e2cc0c105fc8f08896.dll,#12⤵
  - PID:4816