Analysis
max time kernel: 143s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6696425c1c2c299e22974cfebaef98c7cf57e902b14a649e37ba8d845bef035a.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: 6696425c1c2c299e22974cfebaef98c7cf57e902b14a649e37ba8d845bef035a.dll
Size: 329KB
MD5: 26085e74a55b52abd1dd01078a134468
SHA1: 02e2528475cd3c96d4a085ee3020f795166d1c9d
SHA256: 6696425c1c2c299e22974cfebaef98c7cf57e902b14a649e37ba8d845bef035a
SHA512: 7b44748733840ce5c1c27f8fefad60fff8c367678dd6b3bba8ae2b407199bd1e3e1f5c2409e3182bc74bd57d36bb37cda3ef7856eb6c8d4c43888f4e5ff4c4ff
SSDEEP: 6144:aF2Ix85CzddJK216gQQjjrAYuerAO7AOJxvi:aUIxHdd516fQjjrAYuert5i
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4744 wrote to memory of 3776 | 4744 | rundll32.exe | rundll32.exe
PID 4744 wrote to memory of 3776 | 4744 | rundll32.exe | rundll32.exe
PID 4744 wrote to memory of 3776 | 4744 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6696425c1c2c299e22974cfebaef98c7cf57e902b14a649e37ba8d845bef035a.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:4744
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6696425c1c2c299e22974cfebaef98c7cf57e902b14a649e37ba8d845bef035a.dll,#12⤵
PID:3776