Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/01/2024, 05:53
Behavioral task: behavioral1
Sample: 4fc213c5beec0a48c992cc16147bd898.dll
Resource: win7-20231215-en
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: 4fc213c5beec0a48c992cc16147bd898.dll
Resource: win10v2004-20231222-en
2 signatures
150 seconds
General
Target: 4fc213c5beec0a48c992cc16147bd898.dll
Size: 458KB
MD5: 4fc213c5beec0a48c992cc16147bd898
SHA1: d078e20725cdd69ef19feff5ccb74a8eebbe7a2a
SHA256: a009833a53432868463134a6df8b017b744c4392b80d2446a33a71ee9f51cada
SHA512: 730195cd83e3474f9ad9be3b4ce0f8a0144242ee85212f00b65c1c2a0ab71073afbafb6e76a2d2103fa4153623e9d8149b605874718c3f54c0374efa89f2679f
SSDEEP: 6144:wpk16OPyxES6t7kxrpZDGI9VSgljHRCp8vohC3WeyZzqT0ouGCOuOy3wH1Pc:aQ6Eyz6pknZSMogF4IoggouGnrH1Pc
Score: 7/10
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/5068-0-0x00007FFE5B630000-0x00007FFE5B6AD000-memory.dmp | vmprotect
behavioral2/memory/5068-1-0x00007FFE5B630000-0x00007FFE5B6AD000-memory.dmp | vmprotect
Drops file in Windows directory (2 IoCs)
description | ioc | Process
File opened for modification | \??\c:\windows\4uh7y6E\ | rundll32.exe
File created | \??\c:\windows\4uh7y6E\6yBq8o9o3A.txt | rundll32.exe