Analysis
max time kernel: 135s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6977f02f5af46de365f6d301d14c56fab964b958529ff15aea1e98cd87885536.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: 6977f02f5af46de365f6d301d14c56fab964b958529ff15aea1e98cd87885536.dll
Size: 2.2MB
MD5: 95b0ded0d5408022944933c7d7e96c9f
SHA1: 551bb48f1c8d34fdc30068ec4af095b5162a6ae2
SHA256: 6977f02f5af46de365f6d301d14c56fab964b958529ff15aea1e98cd87885536
SHA512: 4ff3588ae838dd2290bbf4bb7200f30c0cbcb4f1a77a19212373dcabdd39347c210889222d754f0dbf9a26c5760270f0e76a40f7758c2f49cd8795a05f4a415f
SSDEEP: 12288:BLWEJaoopd7gKkBjndO7/flYRCIcf02X3NJFVyAJtUWNS4f8yaBvk37sY3H/KG2Q:jJaf3gEf08R09s4u/h278N
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 348 wrote to memory of 1316 | 348 | rundll32.exe | rundll32.exe
PID 348 wrote to memory of 1316 | 348 | rundll32.exe | rundll32.exe
PID 348 wrote to memory of 1316 | 348 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6977f02f5af46de365f6d301d14c56fab964b958529ff15aea1e98cd87885536.dll,#1
- Suspicious use of WriteProcessMemory
PID: 348
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6977f02f5af46de365f6d301d14c56fab964b958529ff15aea1e98cd87885536.dll,#1
  PID: 1316