Analysis
- max time kernel: 139s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 15:58
Static task
- static1
- 1 signatures
Behavioral task
- behavioral1
- Sample: 632372b92e7059a9c0b4a0fad204c5d6fa6b1b05da3c54535b6750c430172eed.dll
- Resource: win7-20231215-en
- windows7-x64
- 1 signatures
- 150 seconds
General
- Target: 632372b92e7059a9c0b4a0fad204c5d6fa6b1b05da3c54535b6750c430172eed.dll
- Size: 79KB
- MD5: 640d27f26bd99c04e6918b37a98ebcd0
- SHA1: e5b8787e1ea9739634ab098432b8c034dbe4ecb7
- SHA256: 632372b92e7059a9c0b4a0fad204c5d6fa6b1b05da3c54535b6750c430172eed
- SHA512: f902827f73aa113550368a47dd3aaee1103d20873f4db1b418c2186e31b13d097f104017ff38881c1a0d9ffbde563a7af52846c597aa58ff5771e1d8b7ce42be
- SSDEEP: 1536:kJxikn6DzDzoGGH3rRW3l5LPD3f1OuE9wHr2k:kJxiXkXV6l533f1OuE9e
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2320 wrote to memory of 3496 | 2320 | rundll32.exe | rundll32.exe
  PID 2320 wrote to memory of 3496 | 2320 | rundll32.exe | rundll32.exe
  PID 2320 wrote to memory of 3496 | 2320 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\632372b92e7059a9c0b4a0fad204c5d6fa6b1b05da3c54535b6750c430172eed.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:2320
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\632372b92e7059a9c0b4a0fad204c5d6fa6b1b05da3c54535b6750c430172eed.dll,#1
    PID:3496