Analysis
- max time kernel: 142s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20231020-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/11/2023, 06:57
Static task: static1
Behavioral task: behavioral1
- Sample: 19a7e29dbf2044af2c1a6a03fe411f0e62e10088767442eb56517f69a874f846.dll
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: 19a7e29dbf2044af2c1a6a03fe411f0e62e10088767442eb56517f69a874f846.dll
- Resource: win10v2004-20231020-en
General
- Target: 19a7e29dbf2044af2c1a6a03fe411f0e62e10088767442eb56517f69a874f846.dll
- Size: 279KB
- MD5: bdf7cd039afca3700569d2a3b5923be4
- SHA1: c1b472b61324d84e6b2188455918e6addd442a44
- SHA256: 19a7e29dbf2044af2c1a6a03fe411f0e62e10088767442eb56517f69a874f846
- SHA512: 8cd2a7c38ff1edd453ca800c07ed1217a762c4b49cc34b79683a871a9d0c61696e5c25ea09bcbb9fd6c5e61108e869bed9bbc4879085a2dd9bec77190afc6e49
- SSDEEP: 6144:mZcnYf6Ad5vW4d0hYs5yh5xbU8f/PSSOxJXRsWU/Z:06Adph0E+8XKT3Wv/Z
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 4776 wrote to memory of 1124 | 4776 | rundll32.exe | 88
  PID 4776 wrote to memory of 1124 | 4776 | rundll32.exe | 88
  PID 4776 wrote to memory of 1124 | 4776 | rundll32.exe | 88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19a7e29dbf2044af2c1a6a03fe411f0e62e10088767442eb56517f69a874f846.dll,#1
  - Suspicious use of WriteProcessMemory
  - PID: 4776
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\19a7e29dbf2044af2c1a6a03fe411f0e62e10088767442eb56517f69a874f846.dll,#1
    - PID: 1124