Analysis
max time kernel: 91s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:59
Static task: static1, 1 signatures
Behavioral task: behavioral1
Sample: 40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll
Resource: win7-20231129-en, windows7-x64
1 signatures
150 seconds
General
Target: 40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll
Size: 59KB
MD5: acb3960b616f3194bab7c6997bdfe1ae
SHA1: 09cea34ab57ad6be064166dbceb71dc20d626c01
SHA256: 40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec
SHA512: eb808b0673fd914948d454ffc1c8fbd837ec8b95cc91ca060464e10be6da32649f7612eb70c3030f73c9aa9436410116fc24b93807a7757a457973eda945ecc7
SSDEEP: 768:5pIcFo7LE72qe72ax8/ksHbTdhXEPt9O3amHpQRL+AYzOEHTL8MF5PaDp1ur29O:5pE/Gde2wQHbh8t5mJoSAALBF5Peuri
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4480 wrote to memory of 3124 | 4480 | rundll32.exe | rundll32.exe
PID 4480 wrote to memory of 3124 | 4480 | rundll32.exe | rundll32.exe
PID 4480 wrote to memory of 3124 | 4480 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll,#11
- Suspicious use of WriteProcessMemory
PID: 4480
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40eb57ae6d3433a9840602376d3e30ffd493d62557ae67130594544d3e7fd4ec.dll,#12
  PID: 3124