Analysis
max time kernel: 141s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 22/12/2023, 02:06
Behavioral task: behavioral1
Sample: 4f72edc93c9aa593c9c724dd9ee2a0c5.dll
Resource: win7-20231215-en
2 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 4f72edc93c9aa593c9c724dd9ee2a0c5.dll
Resource: win10v2004-20231215-en
2 signatures, 150 seconds
General
Target: 4f72edc93c9aa593c9c724dd9ee2a0c5.dll
Size: 748KB
MD5: 4f72edc93c9aa593c9c724dd9ee2a0c5
SHA1: 77e1541befe7ffaa72d6dfdc6dd328d27965b1e6
SHA256: 370c712dd759ed8920ea8f60e4a0fcecd11a8cfa8642fb4c9e4f7df3ab05c107
SHA512: f728efee7993bae408791261c7190648107a19d55e14b330b69f89e28c441c0fff3ad137a1fcd8e890618ba2b201e49b3dc6962e3a65630c615169d46277de64
SSDEEP: 12288:krTmzUHgoZ4wcY6mN9ELoGd/VVz7V8KEpKIeyqEJtK8UeJixjFNehis3bKy:6IUH0wx6mN9ELH/TF8K2KBydJgPxQ+y
Score: 7/10
Malware Config
Signatures
resource                                                                    yara_rule
behavioral2/memory/4352-0-0x00000000022F0000-0x00000000024A9000-memory.dmp  vmprotect
behavioral2/memory/4352-1-0x00000000022F0000-0x00000000024A9000-memory.dmp  vmprotect
behavioral2/memory/4352-2-0x00000000022F0000-0x00000000024A9000-memory.dmp  vmprotect
behavioral2/memory/4352-3-0x00000000022F0000-0x00000000024A9000-memory.dmp  vmprotect
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 2732 wrote to memory of 4352  2732  rundll32.exe  87
PID 2732 wrote to memory of 4352  2732  rundll32.exe  87
PID 2732 wrote to memory of 4352  2732  rundll32.exe  87
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2732
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1
    PID: 4352