Analysis
max time kernel: 93s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:51

Static task: static1 (1 signatures)

Behavioral task: behavioral1
Sample: de4fc9d493fd09a4dcfa1620e8a7b3ee6434e9563adf5bb268054364d31d4ca1.dll
Resource: win7-20231215-en (windows7-x64)
1 signatures
150 seconds
General
Target: de4fc9d493fd09a4dcfa1620e8a7b3ee6434e9563adf5bb268054364d31d4ca1.dll
Size: 3.5MB
MD5: 5947f407529d2b6bfe25921fcf385d01
SHA1: 1f2c00ec2b6ddef131f4122b7930309f5468a0b3
SHA256: de4fc9d493fd09a4dcfa1620e8a7b3ee6434e9563adf5bb268054364d31d4ca1
SHA512: 77ff0510b84500cb15788683436e053dbd1c44a085ca2c7cc3b27f4aabc93383a0f6e4dc7b48dd9b67dca69fed97fdfb50ea198457b6ab1fa69f77670080f842
SSDEEP: 49152:ssQTBKyweUwq6rN9+dwGeU02WR6FMKs/HzzVK08nLDn/0JA/XAZWHK:0/UzOzz6ncJ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                          | pid  | process      | target process
PID 4004 wrote to memory of 3492     | 4004 | rundll32.exe | rundll32.exe
PID 4004 wrote to memory of 3492     | 4004 | rundll32.exe | rundll32.exe
PID 4004 wrote to memory of 3492     | 4004 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 4004), tree level 1
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\de4fc9d493fd09a4dcfa1620e8a7b3ee6434e9563adf5bb268054364d31d4ca1.dll,#1
  (the ",#1" argument tells rundll32 to call the DLL's export at ordinal 1)
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 3492), tree level 2, spawned by PID 4004
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\de4fc9d493fd09a4dcfa1620e8a7b3ee6434e9563adf5bb268054364d31d4ca1.dll,#1
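The WriteProcessMemory signature above and the process tree describe the same two processes, and the report leaves it to the reader to connect them. Below is an added example (not part of the sandbox report or its tooling) that parses the signature's IoC rows as they appear on this page, reconstructs who wrote into whom, and checks each write against the process tree. It also flags the specific pattern seen here: a 64-bit rundll32.exe writing into the 32-bit SysWOW64 rundll32.exe it just spawned. That handoff is what Windows does when the 64-bit rundll32.exe is handed a 32-bit DLL, so memory writes from parent to child during it are commonly observed and are weak evidence on their own; the function names, the row regex and the tuple layout of the process tree are assumptions of this example, and the input rows are copied from the report above.

```python
"""Reconstruct cross-process memory writes from a sandbox signature block
and check them against the process tree.

Added example, not part of the original report.  The row format, the tree
tuple layout and the function names are assumptions of this example.
"""
import re
from collections import Counter

# Constructed from the report above: the three IoC rows of the
# "Suspicious use of WriteProcessMemory" signature, one per line.
IOC_ROWS = """\
PID 4004 wrote to memory of 3492 4004 rundll32.exe rundll32.exe
PID 4004 wrote to memory of 3492 4004 rundll32.exe rundll32.exe
PID 4004 wrote to memory of 3492 4004 rundll32.exe rundll32.exe
"""

# Constructed from the report's process tree: (pid, parent pid or None, image path).
PROCESS_TREE = [
    (4004, None, r"C:\Windows\system32\rundll32.exe"),
    (3492, 4004, r"C:\Windows\SysWOW64\rundll32.exe"),
]

# One flattened table row: description, pid, process image, target image.
# The source pid appears twice (once in the description, once as its own column).
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")


def parse_ioc_rows(text):
    """Return a list of (source_pid, target_pid, source_image, target_image)."""
    events = []
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if not m:
            continue  # ignore header or unrelated lines
        src, dst, src_col, src_img, dst_img = m.groups()
        if src != src_col:
            # The description and the pid column disagree: the flattened
            # table was damaged, so refuse to guess which one is right.
            raise ValueError(f"inconsistent source pid in row: {line!r}")
        events.append((int(src), int(dst), src_img, dst_img))
    return events


def classify_writes(events, tree):
    """Group writes by (source, target) pid and label the relationship.

    Labels: "self" (a process writing into itself), "parent-to-child"
    (the target is a direct child of the source in the tree), otherwise
    "unrelated", which is the case worth looking at most closely.
    """
    parent = {pid: ppid for pid, ppid, _ in tree}
    image = {pid: path for pid, _, path in tree}
    counts = Counter((s, d) for s, d, _, _ in events)
    result = {}
    for (s, d), n in counts.items():
        if s == d:
            relation = "self"
        elif parent.get(d) == s:
            relation = "parent-to-child"
        else:
            relation = "unrelated"
        result[(s, d)] = {
            "count": n,
            "relation": relation,
            "source": image.get(s),
            "target": image.get(d),
        }
    return result


def is_wow64_rundll32_handoff(entry):
    """True when a System32 rundll32.exe wrote into a SysWOW64 rundll32.exe
    that it spawned.  Windows relaunches rundll32 this way for a 32-bit DLL,
    so this pair of writes is expected noise, not injection evidence."""
    src = (entry["source"] or "").lower()
    dst = (entry["target"] or "").lower()
    return (
        entry["relation"] == "parent-to-child"
        and src.endswith(r"\system32\rundll32.exe")
        and dst.endswith(r"\syswow64\rundll32.exe")
    )


if __name__ == "__main__":
    writes = classify_writes(parse_ioc_rows(IOC_ROWS), PROCESS_TREE)
    for (s, d), entry in sorted(writes.items()):
        note = " (wow64 rundll32 handoff)" if is_wow64_rundll32_handoff(entry) else ""
        print(f"{s} -> {d}: {entry['count']} write(s), {entry['relation']}{note}")
```

Run on the rows from this report, the script reports a single (4004 -> 3492) pair with three writes, labelled parent-to-child and recognised as the wow64 rundll32 handoff. A write into a pid that is not a child of the writer would come out as "unrelated", which is the case that deserves follow-up (what was written, and whether a thread was then created in the target), none of which this report's single signature shows.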