Analysis
max time kernel: 143s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:55
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 94d1aa646a00a59b67092180111b88f2c2c6795f88d04c623ad5de32745cf842.dll
Resource: win7-20231129-en (windows7-x64)
1 signatures, 150 seconds
General
Target: 94d1aa646a00a59b67092180111b88f2c2c6795f88d04c623ad5de32745cf842.dll
Size: 1.8MB
MD5: 468335cd639e7d68a107e221107ef100
SHA1: f86f446e6f06437f0408a0f0d40eddf11539661a
SHA256: 94d1aa646a00a59b67092180111b88f2c2c6795f88d04c623ad5de32745cf842
SHA512: abc3dd904a5e9fa910826ec17ba23760c844a958c4106647f864c9e45cdfc8272b37e02bc8aa67f013d5090316c29700670840d2f51dfdb07a3ef2b3b81f7763
SSDEEP: 49152:hZxMZzfVWRIEmDfRAVvi+mA/mlLTRx4tiGvFfJpjyuiV6MusRMRnO1m5N1+otydG:hZxMvWROV6MubnydYstFixz6f
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1832 wrote to memory of 1680 | 1832 | rundll32.exe | rundll32.exe
PID 1832 wrote to memory of 1680 | 1832 | rundll32.exe | rundll32.exe
PID 1832 wrote to memory of 1680 | 1832 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\94d1aa646a00a59b67092180111b88f2c2c6795f88d04c623ad5de32745cf842.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1832
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\94d1aa646a00a59b67092180111b88f2c2c6795f88d04c623ad5de32745cf842.dll,#12
    PID: 1680