Analysis
max time kernel: 136s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
53105ad999deb86a620a5d68d6372191458fbe813d9527330d862c09b6c2b5fe.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 53105ad999deb86a620a5d68d6372191458fbe813d9527330d862c09b6c2b5fe.dll
Size: 729KB
MD5: 5c1db75119eb64df87b071fbe92d6ba2
SHA1: a21cc7b8d4c84d500d7d4b8eaf9e66bf8e92739b
SHA256: 53105ad999deb86a620a5d68d6372191458fbe813d9527330d862c09b6c2b5fe
SHA512: 632cc1136770bcee555539192e2019c6d423f898e5e3787cce1803b82e4ff5e127bebc3715e33ebec27e61f9960c3d66a377087d130a1919eb3b5861f5758acc
SSDEEP: 12288:aCFaiyJm0cvoFTLi8Pmbt7YgQZTF72NSzdq9gg0P84Xel6+dSqrcAmXZ287VbMq8:hYih3uTRFFZrudx
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 3624 wrote to memory of 3880   3624   rundll32.exe   rundll32.exe
PID 3624 wrote to memory of 3880   3624   rundll32.exe   rundll32.exe
PID 3624 wrote to memory of 3880   3624   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\53105ad999deb86a620a5d68d6372191458fbe813d9527330d862c09b6c2b5fe.dll,#11
  PID:3624
  Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\53105ad999deb86a620a5d68d6372191458fbe813d9527330d862c09b6c2b5fe.dll,#12
  PID:3880