Analysis

max time kernel: 148s
max time network: 109s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 09:23

Behavioral task: behavioral1
Sample: 30bafe5e2d742745a33338d965d41cd6.dll
Resource: win7-20231215-en
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 30bafe5e2d742745a33338d965d41cd6.dll
Resource: win10v2004-20231222-en
2 signatures, 150 seconds
General

Target: 30bafe5e2d742745a33338d965d41cd6.dll
Size: 743KB
MD5: 30bafe5e2d742745a33338d965d41cd6
SHA1: d89d7be0589426b82748c982e10f512320a5de0b
SHA256: 1c7c3ed81edd1c033e08fe0be1ed0a37e30bdea6b0b8843d98f5d796806f1861
SHA512: fc7c6da19ce4121efb4fe4de4e1321b0a7136e6cc2f06a462c9d5a894522699fabff39d7dc84b30e41162a91dccf77923f0eb95b4e722f14c895b9f18b5bc75b
SSDEEP: 12288:BEmRWvd469qwwvx9swGImfWLJiijqr4jnOa10RIIibqOLGRIg0M+sgMHF8D/Fx:BEvW6IwyjzsfxwOa10C+VIzpDtx

Score: 7/10
Malware Config

Signatures

YARA matches on memory dumps (behavioral2):

resource                                                                    yara_rule
behavioral2/memory/1148-0-0x0000000000400000-0x00000000005B8000-memory.dmp  vmprotect
behavioral2/memory/1148-1-0x0000000000400000-0x00000000005B8000-memory.dmp  vmprotect
behavioral2/memory/1148-2-0x0000000000400000-0x00000000005B8000-memory.dmp  vmprotect

Suspicious use of WriteProcessMemory (3 IoCs):

description                       pid   Process       procid_target
PID 2656 wrote to memory of 1148  2656  rundll32.exe  14
PID 2656 wrote to memory of 1148  2656  rundll32.exe  14
PID 2656 wrote to memory of 1148  2656  rundll32.exe  14

Reading these together: all three writes go from the 64-bit C:\Windows\system32\rundll32.exe (PID 2656) into the 32-bit C:\Windows\SysWOW64\rundll32.exe (PID 1148), and the three vmprotect matches are all on dumps of that 32-bit child, each covering the same region 0x400000-0x5B8000 (0x1B8000 bytes). When the 64-bit rundll32.exe is asked to load a 32-bit DLL it relaunches its SysWOW64 counterpart with the same arguments, and the memory writes a sandbox records while the parent creates that child are what trigger this signature; by themselves they are consistent with that handoff rather than with injection by the DLL into an unrelated process. The VMProtect hits indicate the loaded code is packed, which is the main contributor to the 7/10 score here; no configuration was extracted.
Processes

C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\30bafe5e2d742745a33338d965d41cd6.dll,#1
  PID: 1148

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\30bafe5e2d742745a33338d965d41cd6.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2656
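The following script is an added example, not part of the sandbox report or of any tooling that produced it. It turns the three pieces of the report that matter for triage (the process list, the "wrote to memory of" IoCs and the memory-dump names carrying YARA hits) into structured records and then classifies each cross-process write: a 64-bit rundll32.exe writing into a SysWOW64 rundll32.exe that was given the same DLL argument is labelled as the WoW64 handoff, and anything else is left for manual review. The input records below are constructed from the report above; the " | " separator between image path, command line and PID is this example's own convention, since the original page runs those fields together. The `procid_target` column is not interpreted because its meaning is not stated on the page.

```python
"""Parse Triage-style process, WriteProcessMemory and memory-dump records."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed from the report above (image | command line | PID).
PROCESS_LINES = """\
C:\\Windows\\SysWOW64\\rundll32.exe | rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\30bafe5e2d742745a33338d965d41cd6.dll,#1 | PID:1148
C:\\Windows\\system32\\rundll32.exe | rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\30bafe5e2d742745a33338d965d41cd6.dll,#1 | PID:2656
"""

# Constructed from the report's "Suspicious use of WriteProcessMemory" IoCs.
IOC_LINES = """\
PID 2656 wrote to memory of 1148 2656 rundll32.exe 14
PID 2656 wrote to memory of 1148 2656 rundll32.exe 14
PID 2656 wrote to memory of 1148 2656 rundll32.exe 14
"""

# Constructed from the report's YARA table (dump name, matching rule).
DUMP_HITS = [
    ("behavioral2/memory/1148-0-0x0000000000400000-0x00000000005B8000-memory.dmp", "vmprotect"),
    ("behavioral2/memory/1148-1-0x0000000000400000-0x00000000005B8000-memory.dmp", "vmprotect"),
    ("behavioral2/memory/1148-2-0x0000000000400000-0x00000000005B8000-memory.dmp", "vmprotect"),
]


@dataclass
class Process:
    pid: int
    image: str
    cmdline: str
    dll: Optional[str] = None    # DLL passed to rundll32, if any
    entry: Optional[str] = None  # export name or "#ordinal"

    @property
    def is_rundll32(self) -> bool:
        return self.image.lower().endswith("\\rundll32.exe")

    @property
    def is_wow64(self) -> bool:
        # 32-bit system binaries on x64 Windows live under SysWOW64.
        return "\\syswow64\\" in self.image.lower()


# rundll32 syntax: rundll32.exe <dll>,<export|#ordinal> [args]
RUNDLL_ARG_RE = re.compile(r"rundll32\.exe\s+(?P<dll>.+?\.dll),(?P<entry>#\d+|[A-Za-z_]\w*)", re.I)
WPM_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\b")
DUMP_RE = re.compile(r"(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")


def parse_processes(text: str) -> Dict[int, Process]:
    """Map PID -> Process, extracting the rundll32 DLL and entry point when present."""
    procs: Dict[int, Process] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        image, cmdline, pid_field = (part.strip() for part in line.split(" | "))
        proc = Process(pid=int(pid_field.removeprefix("PID:")), image=image, cmdline=cmdline)
        m = RUNDLL_ARG_RE.search(cmdline)
        if m:
            proc.dll, proc.entry = m["dll"], m["entry"]
        procs[proc.pid] = proc
    return procs


def parse_memory_writes(text: str) -> Dict[Tuple[int, int], int]:
    """Count 'wrote to memory of' events per (writer PID, target PID) pair."""
    counts: Dict[Tuple[int, int], int] = {}
    for line in text.splitlines():
        m = WPM_RE.match(line)
        if m:
            key = (int(m["src"]), int(m["dst"]))
            counts[key] = counts.get(key, 0) + 1
    return counts


def parse_dump_name(name: str) -> dict:
    """Decode '<pid>-<index>-0x<start>-0x<end>-memory.dmp' into PID and region bounds."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["idx"]), "start": start, "end": end, "size": end - start}


def classify_writes(procs: Dict[int, Process], writes: Dict[Tuple[int, int], int]) -> List[Tuple[int, int, int, str]]:
    """Label each writer->target pair; returns (src, dst, count, label)."""
    findings = []
    for (src, dst), n in writes.items():
        s, d = procs.get(src), procs.get(dst)
        if s is None or d is None:
            findings.append((src, dst, n, "target or writer missing from process list"))
            continue
        same_dll = bool(s.dll) and s.dll.lower() == (d.dll or "").lower()
        if s.is_rundll32 and d.is_rundll32 and not s.is_wow64 and d.is_wow64 and same_dll:
            label = "wow64 rundll32 handoff: 64-bit rundll32 started 32-bit rundll32 for the same DLL"
        else:
            label = "cross-process write: review for injection"
        findings.append((src, dst, n, label))
    return findings


if __name__ == "__main__":
    procs = parse_processes(PROCESS_LINES)
    for src, dst, n, label in classify_writes(procs, parse_memory_writes(IOC_LINES)):
        print(f"{src} -> {dst} x{n}: {label}")
    for name, rule in DUMP_HITS:
        d = parse_dump_name(name)
        print(f"{rule}: pid {d['pid']} dump {d['index']} region {d['start']:#x}-{d['end']:#x} ({d['size']:#x} bytes)")
```

Run as-is it reports one handoff pair (2656 -> 1148, three events) and three vmprotect dumps of PID 1148 covering 0x400000-0x5B8000. The handoff label is a starting point, not a verdict: a packed DLL running inside the 32-bit child still needs the child's own behaviour examined, which this report's two signatures do not cover.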