Analysis
max time kernel: 131s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
36b65e3c304e3b88c5fda95f69bcd3f52adf4853a61c2e1fce8219d3206e9abe.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 36b65e3c304e3b88c5fda95f69bcd3f52adf4853a61c2e1fce8219d3206e9abe.dll
Size: 2.5MB
MD5: 1aedcd1e300d1e6d7c0083b8f0f362f0
SHA1: b2b0cb3a9695c2e8d46840653a0a199d38d8522f
SHA256: 36b65e3c304e3b88c5fda95f69bcd3f52adf4853a61c2e1fce8219d3206e9abe
SHA512: 26515dfe284eb3f3eb35902b8d5bb95187c407d2c2926133578b9f9424afb7d33da555e340ea3506edae2d2b5ee86dd9a0bb3005da3d69dd3c1bd002655b4b0e
SSDEEP: 24576:b4z02tqAtUc2QJ/5nvzG6H8lCncmHJdww:F2tsHg5nvzG6H8lCcmHJdww
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4852 wrote to memory of 4356 | 4852 | rundll32.exe | rundll32.exe
PID 4852 wrote to memory of 4356 | 4852 | rundll32.exe | rundll32.exe
PID 4852 wrote to memory of 4356 | 4852 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\36b65e3c304e3b88c5fda95f69bcd3f52adf4853a61c2e1fce8219d3206e9abe.dll,#1
  PID: 4852
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\36b65e3c304e3b88c5fda95f69bcd3f52adf4853a61c2e1fce8219d3206e9abe.dll,#1
    PID: 4356