Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:54
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1bc6d6de146fffda6b4d849259f72b5066719f40193844347fc02d816c412126.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 1bc6d6de146fffda6b4d849259f72b5066719f40193844347fc02d816c412126.dll
Size: 1.5MB
MD5: fe944a0521fc10c2fedf0849d9a8597a
SHA1: 6043aac585212d6956f1a89d5fb7f621cc3e5486
SHA256: 1bc6d6de146fffda6b4d849259f72b5066719f40193844347fc02d816c412126
SHA512: fc42619a52132be4fbe05757edb804fee23b12f40f33530d0fb2d9413c2a95c511bbe1e81b26e2297e0eb74fc0041bdb2152c40378ab3e7a481bd770228132fb
SSDEEP: 24576:0//AN3BJqIBOY6yWJoFjCyI9fBqyu+yI2QvcLmmFbzHZG5zbTuH:0XAN3BJqIBOY6yjFjIfBA+UQkrbjZhH
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 3540 wrote to memory of 4652 | 3540 | rundll32.exe | rundll32.exe |
| PID 3540 wrote to memory of 4652 | 3540 | rundll32.exe | rundll32.exe |
| PID 3540 wrote to memory of 4652 | 3540 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc6d6de146fffda6b4d849259f72b5066719f40193844347fc02d816c412126.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3540
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bc6d6de146fffda6b4d849259f72b5066719f40193844347fc02d816c412126.dll,#1
    PID: 4652