Analysis
max time kernel: 151s
max time network: 187s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 19:29
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 01c1ecce8dad2c597172cb7ebfad5b4b.dll
Resource: win7-20231129-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 01c1ecce8dad2c597172cb7ebfad5b4b.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 01c1ecce8dad2c597172cb7ebfad5b4b.dll
Size: 19KB
MD5: 01c1ecce8dad2c597172cb7ebfad5b4b
SHA1: d69d2a611a86e65f223c60fbf76e50f3324c9fe7
SHA256: 35a7a734e734dbe95b11d0844c1790aa637c440334f221f7117e8d55db9fa5d8
SHA512: f3feb58e5050874fa5e9a132e0b1ed2d80ce6e3e22e0b868020adce152dfe9169ddf5779bf6045929a90ee11641327540a6fe639e08dd35fe5cc4120b35325a4
SSDEEP: 384:DZXVCJvjOKBIeACv4fm3OzVXw2a4ubiQ8fOHDX+YeH2VFKIPyb/cpcfGQkr:VVyjOKBIeACv4O3OJw2GbFHDXv2b/cpZ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                        pid    Process        procid_target
PID 1600 wrote to memory of 3408   1600   rundll32.exe   89
PID 1600 wrote to memory of 3408   1600   rundll32.exe   89
PID 1600 wrote to memory of 3408   1600   rundll32.exe   89
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\01c1ecce8dad2c597172cb7ebfad5b4b.dll,#1
  PID: 1600
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\01c1ecce8dad2c597172cb7ebfad5b4b.dll,#1
    PID: 3408