Analysis
- max time kernel: 147s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-12-2023 23:22
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1fdd07e96df518973a6fa4f2bce6208c.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1fdd07e96df518973a6fa4f2bce6208c.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 1fdd07e96df518973a6fa4f2bce6208c.dll
- Size: 106KB
- MD5: 1fdd07e96df518973a6fa4f2bce6208c
- SHA1: ba1904aef83fc0b3f087443cae2d1e7406278e90
- SHA256: 6311000cbee01df35abdd7b6ed271096ca085e8d766d98f8c07866a18b0c2879
- SHA512: c8829d41f64e21be8ed63e53e8c84209e9eb7d10fe982be5b0761ac08630bffe639aa6ea200e8e0d99beadb37e4fe7c374aa1c62c9173d1667f2349737d1defd
- SSDEEP: 3072:mCaVb2b8LPAcbVPnaKjJkNcbzCIVnijEN:mCLILzEcJzCEim
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1924 wrote to memory of 3924 | 1924 | rundll32.exe | 16
PID 1924 wrote to memory of 3924 | 1924 | rundll32.exe | 16
PID 1924 wrote to memory of 3924 | 1924 | rundll32.exe | 16
Processes
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fdd07e96df518973a6fa4f2bce6208c.dll,#11
  PID:3924
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fdd07e96df518973a6fa4f2bce6208c.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1924