Analysis
- max time kernel: 135s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:57
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  - Sample: 8dae51155d2eb75a730fc649a9fe494fd515a429fd32191b18c239eda91f20a1.dll
  - Resource: win7-20231215-en (windows7-x64)
  - 1 signatures
  - 150 seconds
General
- Target: 8dae51155d2eb75a730fc649a9fe494fd515a429fd32191b18c239eda91f20a1.dll
- Size: 406KB
- MD5: 6480046e8a7e576644449584e3259b1d
- SHA1: 10ea269810c084f278604ceef5189de2d0438ecd
- SHA256: 8dae51155d2eb75a730fc649a9fe494fd515a429fd32191b18c239eda91f20a1
- SHA512: 80bbf033d5dec2b5995f91f169d66064cd69a7085cf1227459784bdd1af1284bc4a2963cb7d5e5884aa7f9832b45124465da36eafd0166ebb417cc13f72bcc5e
- SSDEEP: 6144:MmGDjoHkszdn1VESWPKyYq4pHpuUb5p9TwHlM82t:A1szdPESWPPz42UbTNwHPo
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 3532 wrote to memory of 2440 | 3532 | rundll32.exe | rundll32.exe |
  | PID 3532 wrote to memory of 2440 | 3532 | rundll32.exe | rundll32.exe |
  | PID 3532 wrote to memory of 2440 | 3532 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dae51155d2eb75a730fc649a9fe494fd515a429fd32191b18c239eda91f20a1.dll,#1
  PID: 3532
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dae51155d2eb75a730fc649a9fe494fd515a429fd32191b18c239eda91f20a1.dll,#1
    PID: 2440