Analysis
- max time kernel: 146s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-12-2023 14:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
021acb4c039274d3bee467a7f543f6fb.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
021acb4c039274d3bee467a7f543f6fb.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
021acb4c039274d3bee467a7f543f6fb.dll
-
Size
336KB
-
MD5
021acb4c039274d3bee467a7f543f6fb
-
SHA1
9aaf1f7a344f544d13405f64194e6634e4e2015b
-
SHA256
e6b744633582192c63c3699e9265f810f18cfa959d7719e4b81154837126e414
-
SHA512
29dee83f75c95067911811e395184e579c294144f6d980dd32042cc18d5c3c7e6e78e6537a721d6ca65eae2f1920ec06519e86a3075cdee2b76b7116a0aa3353
-
SSDEEP
6144:5pMewwLP6kr3nCkTzJ67Jd6IgP3AR9CJOtbILnagXCmsV69X:nM8tzRFIgP3AnqDZX8E9X
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3976 wrote to memory of 1500 | 3976 | rundll32.exe | 58
  PID 3976 wrote to memory of 1500 | 3976 | rundll32.exe | 58
  PID 3976 wrote to memory of 1500 | 3976 | rundll32.exe | 58
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\021acb4c039274d3bee467a7f543f6fb.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3976
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\021acb4c039274d3bee467a7f543f6fb.dll,#12⤵
PID:1500