Analysis
max time kernel
132s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
30/12/2023, 00:38
Behavioral task
behavioral1
Sample
08c1fa98964b3c2191238c7aa3134f86.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
08c1fa98964b3c2191238c7aa3134f86.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
08c1fa98964b3c2191238c7aa3134f86.dll
Size
1.1MB
MD5
08c1fa98964b3c2191238c7aa3134f86
SHA1
9ba8853ebd69b0fc7c7181aadcac6a313ee0a431
SHA256
048430d6071abaabb7dc29ace20a49f040407c879ee04fe99321e8d511471df5
SHA512
dd2c38c2ed76648831e5034b7bb1b0b7f95f0489c6b59cf3aae97b896655743bc3664a0f3ea71cc6e080f648f32fc84f1fc5bd953a4d5c0dc231c98e74b4cbff
SSDEEP
24576:7bba91q6btoq63x1Exf1cfhUSnIaWA62IekSXp5rPfxWxa1Vv:7azbtScVafhU6IvA68kA3+6Vv
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 820 wrote to memory of 2592 | 820 | rundll32.exe | 88
PID 820 wrote to memory of 2592 | 820 | rundll32.exe | 88
PID 820 wrote to memory of 2592 | 820 | rundll32.exe | 88
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08c1fa98964b3c2191238c7aa3134f86.dll,#11
- Suspicious use of WriteProcessMemory
PID:820
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08c1fa98964b3c2191238c7aa3134f86.dll,#12
PID:2592