Analysis
- max time kernel: 146s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 16:00
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: 4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll
  Resource: win7-20231129-en (windows7-x64)
  1 signatures
  150 seconds
General
- Target: 4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll
- Size: 538KB
- MD5: 24964e8198616799fa5ec4aa61032b33
- SHA1: 711bcdf28eec061339aa4f61a8dd3093d29255c9
- SHA256: 4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3
- SHA512: 718ed1ce067158a158f8c957b529611774bf1834111a07cb37e690000f77af73111b831c1d47af9ee5226707ec18248d2e821c27b8c1106e5656f6d3815ae9e5
- SSDEEP: 12288:wEKMaWRIDTTr599FrQzxEcpPuQEyEqYuTt0jB:x7yTTr59frQ1Eq5lDTt0jB
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4892 wrote to memory of 720 | 4892 | rundll32.exe | rundll32.exe
  PID 4892 wrote to memory of 720 | 4892 | rundll32.exe | rundll32.exe
  PID 4892 wrote to memory of 720 | 4892 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll,#1
  PID: 4892
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a417026988ba3385d43043a8acb6ea95b4503c5328084d031a577661b448ce3.dll,#1
    PID: 720