Analysis
- max time kernel: 90s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:48
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: 24ef1cc7af6291b5a10e119926ffa0cf96e8f885217302b08785a8634dbcc639.dll
  Resource: win7-20231129-en (windows7-x64)
  1 signatures
  150 seconds
General
- Target: 24ef1cc7af6291b5a10e119926ffa0cf96e8f885217302b08785a8634dbcc639.dll
- Size: 2.4MB
- MD5: c132574661711881d3b456dfac3179c8
- SHA1: df20ade6ad63417a103240ef5605da6df8d5c564
- SHA256: 24ef1cc7af6291b5a10e119926ffa0cf96e8f885217302b08785a8634dbcc639
- SHA512: 8e39395793f559461e9144b68168bf58557c92ad1b953631b8949dbb886ca93e05513c9f2b422e18efebf68eeeafd23deb3b3dae6dd9b122c6e7da2bb847e25a
- SSDEEP: 49152:1ANamaY7XgUFJW08wckqLTwurBwQREAS:1xmaY7XgAeQOTwur1KAS
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  | description | pid | process | target process |
  | PID 1816 wrote to memory of 3544 | 1816 | rundll32.exe | rundll32.exe |
  | PID 1816 wrote to memory of 3544 | 1816 | rundll32.exe | rundll32.exe |
  | PID 1816 wrote to memory of 3544 | 1816 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24ef1cc7af6291b5a10e119926ffa0cf96e8f885217302b08785a8634dbcc639.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1816
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\24ef1cc7af6291b5a10e119926ffa0cf96e8f885217302b08785a8634dbcc639.dll,#12
    PID:3544