Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-12-2023 19:42
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 38d3ef59908649a92b60d4af7e57f14d.dll
Resource: win7-20231215-en, windows7-x64
2 signatures, 150 seconds
General
Target: 38d3ef59908649a92b60d4af7e57f14d.dll
Size: 354KB
MD5: 38d3ef59908649a92b60d4af7e57f14d
SHA1: bc2c31ad2f71ba29bc00860c731b9bbafdaecc66
SHA256: 24cdf72cffd9e2741cb98a0b0c2999ebd43213bb745bff99b09aef31522503c0
SHA512: c55ce681d8d2a09493085314c3b269746b6514b59b06a34a58219c4f46d49aa9d7cd67911b59acdc52e32ccaf13e0798b68ddb9194bb54b65b6d56903ec10416
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0A:jDgtfRQUHPw06MoV2nwTBlhm84
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3288 wrote to memory of 3800 | 3288 | rundll32.exe | 15
PID 3288 wrote to memory of 3800 | 3288 | rundll32.exe | 15
PID 3288 wrote to memory of 3800 | 3288 | rundll32.exe | 15
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d3ef59908649a92b60d4af7e57f14d.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 3288
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d3ef59908649a92b60d4af7e57f14d.dll,#1
   PID: 3800