Analysis
max time kernel: 94s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 25-01-2024 15:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
875adbc2ccd27c7dbd8c48f21c178772b2e61936727c471cf5facc8c40359105.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: 875adbc2ccd27c7dbd8c48f21c178772b2e61936727c471cf5facc8c40359105.dll
Size: 983KB
MD5: 01bf7ccc534bff0b6d42637a12d32b1e
SHA1: a563456f2b19ff7760f12d461db93f8bb96e6b00
SHA256: 875adbc2ccd27c7dbd8c48f21c178772b2e61936727c471cf5facc8c40359105
SHA512: 86bfaa5e6637045d6d618740e2055e5a07c6e14802e8382c360d47db3d7d6d5f93a2a4c9c345752e69d81e984363f87504ae58fd0f342eaed6439344289f26c2
SSDEEP: 24576:H4oAM4/ZUMeOnoOWtgaiBSC3aVvZVbTuH2Q:nBMNP8gs/vZMH2Q
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3480 wrote to memory of 3348 | 3480 | rundll32.exe | rundll32.exe
PID 3480 wrote to memory of 3348 | 3480 | rundll32.exe | rundll32.exe
PID 3480 wrote to memory of 3348 | 3480 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\875adbc2ccd27c7dbd8c48f21c178772b2e61936727c471cf5facc8c40359105.dll,#11
- Suspicious use of WriteProcessMemory
PID:3480
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\875adbc2ccd27c7dbd8c48f21c178772b2e61936727c471cf5facc8c40359105.dll,#12
PID:3348