Analysis
- max time kernel: 90s
- max time network: 121s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
- Target: 97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll
- Size: 2.3MB
- MD5: 35b2a14f4100c7a1cb98f85b7cc9d8e3
- SHA1: 3df613adc29283d2f2d1463bbbb0b4561b609d99
- SHA256: 97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7
- SHA512: 0ab23c349ed79618ffe73422856f5d2d6d1f3e5b5299ff5bd4d4b55e4b5576b1ccf90acf8cd262c37c9d248948181e8cdbcf904ec966b87feeb75d8666a994f7
- SSDEEP: 24576:fvQbmb3JN+jh2K7LxGI5iRkCEZnT1mBuJkYo8+U+:fTbBK7FGI5iRkCEZnT1mBuJkYo8+U+
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 4736 wrote to memory of 4716 | 4736 | rundll32.exe | rundll32.exe
PID 4736 wrote to memory of 4716 | 4736 | rundll32.exe | rundll32.exe
PID 4736 wrote to memory of 4716 | 4736 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4736
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f00241952bb3f1ede142afbd36c902622faf421ff75f2bfd945d63c143c8b7.dll,#1
    PID:4716