Analysis
max time kernel: 123s
max time network: 144s
platform: windows10-1703_x64
resource: win10-20230915-en
resource tags: arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
submitted: 13-10-2023 04:18
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll
Resource: win10-20230915-en, windows10-1703-x64
1 signatures
150 seconds
General
Target: 1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll
Size: 102KB
MD5: ed15379ed0c9f2e2cc0c105fc8f08896
SHA1: eb19214f7242ffa308fb1366f619a6293ab5c2e9
SHA256: 1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3
SHA512: 9c3563fc4f16b124053d21937aabb0be32deda3c673ea04505df662d972352b62ea7488f3d0177d8cc868e9cdda49b298db6ac589a71799025f8bcedd5e70fcd
SSDEEP: 3072:+rU7xUICZ+FOIm2Kosm72uQR6wQr77xUZYNS60Z:uEFhgYsS2uQRevNS60Z
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2740 wrote to memory of 2144 | 2740 | rundll32.exe | rundll32.exe
PID 2740 wrote to memory of 2144 | 2740 | rundll32.exe | rundll32.exe
PID 2740 wrote to memory of 2144 | 2740 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2740
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll,#12
PID: 2144