Analysis
max time kernel: 93s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
General
Target: d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll
Size: 81KB
MD5: 8259f5443dddb580a06dc5eed44c854e
SHA1: a1b161514e9188c2ba61ad0ed9365814a2bcef65
SHA256: d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f
SHA512: 20db4e820dffd0b7d4301937792b15701a67db5b9b9b2fb47c2198cd451d5f86b4883b928b1af3b3d3d9a0c3bbb23147b678f3eb0b3f47ed48118bbbb6af5fba
SSDEEP: 1536:UPkgGEKs3PC22cx9ikjlf18Drjf+KYW17Bx78fL2N4C7OWQ+DEOUH4zaGjH:kdxfV9ikjlkrjfJYWtwC7VQ2vzak
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1604 wrote to memory of 636 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 636 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 636 | 1604 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1604
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2c55ea9b3c866679630b58820324f6819c421ec6aa288db8eb25263f176011f.dll,#1
    PID: 636