Analysis
max time kernel: 140s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:51
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 1ddaefddddf27148a66054aa4ae3f7e38ddc72daebd67b7aab040c7602dbb174.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: 1ddaefddddf27148a66054aa4ae3f7e38ddc72daebd67b7aab040c7602dbb174.dll
Size: 1.1MB
MD5: fb91af68049f9a534b1a2d8e18f83074
SHA1: 01c30a3be8bfe25d1abab4ed0e3baf1c837f7906
SHA256: 1ddaefddddf27148a66054aa4ae3f7e38ddc72daebd67b7aab040c7602dbb174
SHA512: ce5694c6f790c1f9bba434de6f948719f89794258e7739bd46aae042f543d8992b65326d421da9e5bd9449f3c544e2ffea0ae3338d2aeb1d6da9439662422f99
SSDEEP: 24576:/GvCKwR6KEuxJ26k1Xo+oZKwzrUuOHswGl4GSkZ0ZbTuH:yCKwR6KEuxJ26kVo+bmrUuOMwGl4GSkf
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 568 wrote to memory of 772 | 568 | rundll32.exe | rundll32.exe
PID 568 wrote to memory of 772 | 568 | rundll32.exe | rundll32.exe
PID 568 wrote to memory of 772 | 568 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ddaefddddf27148a66054aa4ae3f7e38ddc72daebd67b7aab040c7602dbb174.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 568
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ddaefddddf27148a66054aa4ae3f7e38ddc72daebd67b7aab040c7602dbb174.dll,#12⤵
PID: 772