Analysis
max time kernel: 144s
max time network: 97s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/01/2024, 20:47
Behavioral task: behavioral1
Sample: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
Resource: win10v2004-20231222-en
2 signatures
150 seconds
General
Target: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll
Size: 899KB
MD5: 4056ff52fc3297465ecfab806e5802f5
SHA1: 92d139b4a58c3a26f4c850552a6547a55a1f880e
SHA256: 71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1
SHA512: 5627539c915f151b64bc34e96584cf1319546f26b26bef50730a2686bf4722cda84f937c1624dbaaa775ae684f905d138c5b066d52c8a0da79782f20d781251f
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX+:7wqd87V+
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
2096 | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1964 wrote to memory of 2096 | 1964 | rundll32.exe | 16
PID 1964 wrote to memory of 2096 | 1964 | rundll32.exe | 16
PID 1964 wrote to memory of 2096 | 1964 | rundll32.exe | 16
Processes
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#11
- Suspicious behavior: RenamesItself
PID: 2096

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71dd0f7b91408d1d5ad1347ae66405d2d8da0ac01bf6601cc25ffb53937d31a1.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1964