Analysis
max time kernel: 143s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 12-01-2024 18:37
Static task: static1

Behavioral task: behavioral1
Sample: 484a2e1632510092360423e602085b790d690d76e39d0f57207734542aa53bd7.dll
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 484a2e1632510092360423e602085b790d690d76e39d0f57207734542aa53bd7.dll
Resource: win10v2004-20231215-en
General
Target: 484a2e1632510092360423e602085b790d690d76e39d0f57207734542aa53bd7.dll
Size: 1.1MB
MD5: ec4f5f65e0d1729caa57e0d574f31255
SHA1: 53083b4d56e7582070b3046a17e1ea74132eab33
SHA256: 484a2e1632510092360423e602085b790d690d76e39d0f57207734542aa53bd7
SHA512: 872ec3113eee9fb2fcd7be02b868f00be824920e0d8cbb6ac86f9ebfd5cf844f83c72dc2cd6038f46072427dc1f7226181c9a0ad1150d8eadb9aa6824d6f5c6a
SSDEEP: 24576:wOvd4G88YT3oY2y1fgJqBdCI1Gpg2VXvGooI5zDiUSFeC24De9s:wGcboly1VBP1g/r5viN0C24DJ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid    Process         procid_target
PID 448 wrote to memory of 4420   448    rundll32.exe    88
PID 448 wrote to memory of 4420   448    rundll32.exe    88
PID 448 wrote to memory of 4420   448    rundll32.exe    88
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\484a2e1632510092360423e602085b790d690d76e39d0f57207734542aa53bd7.dll,#11
- Suspicious use of WriteProcessMemory
PID: 448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\484a2e1632510092360423e602085b790d690d76e39d0f57207734542aa53bd7.dll,#12
PID: 4420