Analysis
max time kernel: 92s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 25-01-2024 15:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll
Size: 724KB
MD5: 39cf448c556a2cd2aa1cb6e6220857e9
SHA1: bd5001edefca0bcef3ec3cec39c999cdf25d2ff8
SHA256: cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1
SHA512: 4ff1e1fb3f31abfc41583c92f7db3fc19a71383bed39be3b7c6f9cabab40d575ebaf575bca18d343862ff33e445c2122823bea489b8f90b3ee88a1e81069b1d3
SSDEEP: 12288:qlsyXE2GemaPufRhta1ioZ4/H3KsUbTNwHP:qlsyXE2G3aUwZLbTuH
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 368 wrote to memory of 1156 | 368 | rundll32.exe | rundll32.exe
PID 368 wrote to memory of 1156 | 368 | rundll32.exe | rundll32.exe
PID 368 wrote to memory of 1156 | 368 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 368
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc2398a7e8728ad89ee0f01df79f60dec62e7a4aecd71e3856ff2b3bccb7fc1.dll,#1
    PID: 1156