Analysis
- max time kernel: 140s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
- Target: 3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll
- Size: 4.2MB
- MD5: 6ef2d1efc6e761f75636142a2c97b338
- SHA1: e9b0e9d90a1f71034b183e95ed44f8b83a3223d7
- SHA256: 3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01
- SHA512: 4f104488fe38830cf2a7ce831112559d298e065a4b7f67274d44817e16dc2070cbb58790912f95f1544ee316f62dcbf4ca11b7a88998aaa98f77742989416b59
- SSDEEP: 98304:QSPoqTClkK2h0F9FuUlcmCNvnYPGTjda2RkQAz5cMZ6BBsu:QSPoEClkKDjFuUNmYPyRRAz5zsBs
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 216 wrote to memory of 4816 | 216 | rundll32.exe | rundll32.exe
  PID 216 wrote to memory of 4816 | 216 | rundll32.exe | rundll32.exe
  PID 216 wrote to memory of 4816 | 216 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:216
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fad3120166dbfd975bae812e4ae6e09bb251f80f44fbacd8740f2e70da78e01.dll,#1
    PID:4816