Analysis
max time kernel: 143s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-01-2024 16:45
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 5d951b5f89c57f0c0d86faef17768594.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 5d951b5f89c57f0c0d86faef17768594.dll
Resource: win10v2004-20231215-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 5d951b5f89c57f0c0d86faef17768594.dll
Size: 13KB
MD5: 5d951b5f89c57f0c0d86faef17768594
SHA1: 1f6888ce0c45299d7657c12eac0dda4e7d8456b9
SHA256: 726e93a8aa83f8ee6c00ce7c656b33c735f4fff0e120e6f8e90987c5f8d5d1d0
SHA512: da3c5b6dae39970a7f66f41b376424f77484c7e4df3d756c1795c97122ae05a3715ac8160a2bde9b3191bf296e9d5bad1767ca6ed9f01842d0b2cf1c6037188d
SSDEEP: 384:YZLEcGtJG0uhcqZJIS5yoakJVuqbbV+ujzlm+M7i:WAcGts0unj9akfvX8EX
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4948 wrote to memory of 3172 | 4948 | rundll32.exe | rundll32.exe
PID 4948 wrote to memory of 3172 | 4948 | rundll32.exe | rundll32.exe
PID 4948 wrote to memory of 3172 | 4948 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d951b5f89c57f0c0d86faef17768594.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d951b5f89c57f0c0d86faef17768594.dll,#12⤵