Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:02
Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll
Resource: win7-20231215-en (windows7-x64)
1 signatures
150 seconds
General
Target: 305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll
Size: 257KB
MD5: e4a0068ecc898d06b5088f4695c7e2b5
SHA1: 53be78c7a24fe555189ce0f0a1a7517de9debf9c
SHA256: 305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231
SHA512: 23fc17d1bce3bbe3f4ebf524acbd342f57743754b9db67c10fe97fe8e24923483f2165025e1d9257e7eaa4354533a7bc7366fa6e0882f9ffc89bf36b3020a03e
SSDEEP: 6144:rQfmwXth8+ll5Ut6IFyzMcrTjGZ5nEy/NA:Ar8+lPUt6pwcrTjGrvA
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2376 wrote to memory of 1864 | 2376 | rundll32.exe | rundll32.exe
PID 2376 wrote to memory of 1864 | 2376 | rundll32.exe | rundll32.exe
PID 2376 wrote to memory of 1864 | 2376 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2376
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\305dd26bae6247e878562d229517fe12236f2858cd7c67b2ed0b4812f776c231.dll,#1
    PID: 1864