Analysis
max time kernel: 137s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:49
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll
Size: 2.3MB
MD5: e8609a77b7ab60b1e93bb2e6c4a3b36d
SHA1: 7fcac00e8436fc935a95c2ba0822bb7c83350778
SHA256: 8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5
SHA512: 6306f10edf178c5786ae82162ef88799704afd8d6cf84618181e8ad0b1c5f0662ae4442037eb41ca0476be730c10ca47a410372b64a5765901f8495e51f04f5c
SSDEEP: 24576:lKeoja6BJIHBpiN+++ulHOWJc1/4QBx5uCy:lK3IHBp4X+ulHOWJc1/4QBxICy
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3328 wrote to memory of 1032 | 3328 | rundll32.exe | rundll32.exe
PID 3328 wrote to memory of 1032 | 3328 | rundll32.exe | rundll32.exe
PID 3328 wrote to memory of 1032 | 3328 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll,#1
- Suspicious use of WriteProcessMemory
PID: 3328
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8749347a75014b15d203fc6976c5924ebf46adb4800270e36d8237f3519e0da5.dll,#1
    PID: 1032