Analysis
max time kernel: 149s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 31/12/2023, 13:21
Static task
static1
Behavioral task
behavioral1
Sample
37cf001798ad0f308302343d5bc537df.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
37cf001798ad0f308302343d5bc537df.dll
Resource
win10v2004-20231222-en
1 signatures
150 seconds
General
-
Target
37cf001798ad0f308302343d5bc537df.dll
-
Size
20KB
-
MD5
37cf001798ad0f308302343d5bc537df
-
SHA1
79746b16da667d49167e75a16b1ee693a6dcf192
-
SHA256
11d6fbd02b56b4c219260407f69fbfd3e8be50b0b81dd32832292e5ef6734708
-
SHA512
83aa898bbf7b4ba5d7c1f5815aee7b431f308bb6f3a1a790117e7fad02f03df93e4aae276bf9faeb65771ae67f30780d51995a1920f91269e8fab7077082df73
-
SSDEEP
384:ReLHe8hm3TP9EH9EyNPZKv/jGWzmXnLr3PL/I3C:GHe8E3gZKvB8/L+C
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1036 wrote to memory of 3868 | 1036 | rundll32.exe | 14
PID 1036 wrote to memory of 3868 | 1036 | rundll32.exe | 14
PID 1036 wrote to memory of 3868 | 1036 | rundll32.exe | 14
Processes
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37cf001798ad0f308302343d5bc537df.dll,#11⤵
PID:3868
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37cf001798ad0f308302343d5bc537df.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1036