Analysis
max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll
Size: 2.5MB
MD5: 4141b3d7d91fae89b3a0eac775530963
SHA1: d84531ea772568d23a7a02d80d496a96c0fa01ce
SHA256: 76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a
SHA512: d63d917dad797a81f6024cb316364f5c0b7fe4ef56c7d0293ef3f3a84890a37b9f4a4a9ccd4056e967df5c83ba6ad1140c010707107084e4deca90eadfd003d9
SSDEEP: 24576:ZSN4tLocHLaC03NOK+TVl5HIA2zhMRBIl8:3tz03NOK+TVTHIA2zhMRBIl8
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 456 wrote to memory of 4132 | 456 | rundll32.exe | rundll32.exe
PID 456 wrote to memory of 4132 | 456 | rundll32.exe | rundll32.exe
PID 456 wrote to memory of 4132 | 456 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:456
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76c0ff5a9ed91792f8a35737a14e82ad4675e34d0436ee8f821a129f3157383a.dll,#12
  PID:4132