Analysis
max time kernel: 118s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 30/12/2023, 12:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
180b7ded737df910de9d11103e62f797.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
180b7ded737df910de9d11103e62f797.dll
Resource
win10v2004-20231222-en
1 signatures
150 seconds
General
Target: 180b7ded737df910de9d11103e62f797.dll
Size: 7KB
MD5: 180b7ded737df910de9d11103e62f797
SHA1: 445ede511bced37e866592095b5f73649c845721
SHA256: 276f924011c804d068e1fc30455405390a04a68bea23db646763414112bcc672
SHA512: 552bbb051a96de8bfeaa9b7277b77ee4ee92d2603c056132173839c5eb725b888e6eb08b47b863ca2f112051a3dc19a9f28bd44acf07ef3559d5112547bd8a1e
SSDEEP: 48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWJbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbP3q3qX5S2hV
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4556 wrote to memory of 1508 | 4556 | rundll32.exe | 15
PID 4556 wrote to memory of 1508 | 4556 | rundll32.exe | 15
PID 4556 wrote to memory of 1508 | 4556 | rundll32.exe | 15
Processes
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\180b7ded737df910de9d11103e62f797.dll,#11⤵
  PID:1508
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\180b7ded737df910de9d11103e62f797.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID:4556