Analysis
- max time kernel: 128s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:36
Static task: static1
Behavioral task: behavioral1
Sample: 62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll
Resource: win7-20231215-en, windows7-x64
1 signatures, 150 seconds
General
- Target: 62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll
- Size: 2.0MB
- MD5: 35d9667ad13add8d29b087c335d758e9
- SHA1: 9c1a2d365237d5218852501295502748d42f4c25
- SHA256: 62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211
- SHA512: 4b09f7a6b3ce6578db925e2b6953b840ee6bfc00db03f8726c07c94f05e7f9d87e8384183829c46450834a72afef552b44b41c628236dc832d8f7f4172e60505
- SSDEEP: 49152:4FIbdyf/vgyuEC3GaeqlVi9/6pNMEhJL1Hvrp:QIbg/MmaeqlVi9/6pvp
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 652 wrote to memory of 4324 | 652 | rundll32.exe | rundll32.exe |
| PID 652 wrote to memory of 4324 | 652 | rundll32.exe | rundll32.exe |
| PID 652 wrote to memory of 4324 | 652 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll,#1
  PID: 652
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\62eec2e289e87541a71b4d9c45432dbfafe4d5b7369400c840bdd11c64f9a211.dll,#1
    PID: 4324