Analysis
max time kernel: 174s
max time network: 179s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-11-2023 09:44
Static task: static1

Behavioral task: behavioral1
Sample: 2/LxBase.dll
Resource: win7-20231025-en

Behavioral task: behavioral2
Sample: 2/LxBase.dll
Resource: win10v2004-20231023-en

Behavioral task: behavioral3
Sample: 2/spc.exe
Resource: win7-20231023-en

Behavioral task: behavioral4
Sample: 2/spc.exe
Resource: win10v2004-20231023-en
General
Target: 2/LxBase.dll
Size: 948KB
MD5: d743a6bf808f7b33b070c6658429d745
SHA1: d5e8113b256b00eae11d1afa4c832347b4fdaf49
SHA256: 0ca96517035953824ad51fa970172c6c51879ddb132b9e37da097f3687ad7796
SHA512: 2bf65ef698731c489d927472cf9743a7a84a9e857bc979d01af8963d967e99c17b4c38aa1cf01e24a18e92a1a99dcdf6513f0821a41b541c05831997d0f432b2
SSDEEP: 12288:3dqYAmmsHpYYiz1uZdFxM/mDd88tduImUum7Ix+btPQLMkxalHhROzea2nU:3rDmsHpYYizIZy/mDPHuIVZooPOwqgU
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3860 wrote to memory of 3148 | 3860 | rundll32.exe | rundll32.exe
PID 3860 wrote to memory of 3148 | 3860 | rundll32.exe | rundll32.exe
PID 3860 wrote to memory of 3148 | 3860 | rundll32.exe | rundll32.exe