Analysis
max time kernel: 143s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:01
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: fb4f34faa44821619830b456a3524bafda82c554ef63c5d8fa4ff3c1bcf10a28.dll
Resource: win7-20231215-en, windows7-x64
1 signatures
150 seconds
General
Target: fb4f34faa44821619830b456a3524bafda82c554ef63c5d8fa4ff3c1bcf10a28.dll
Size: 379KB
MD5: 14f1394a1a035a2b9a6030f1ea760f63
SHA1: c24b0d23a76f5b323a2b9b1da80967cb46cd7b59
SHA256: fb4f34faa44821619830b456a3524bafda82c554ef63c5d8fa4ff3c1bcf10a28
SHA512: 7a26ac25774054b4818952eeb8abeb15bec6653c851df29c657cefcb6ab65aeb3ad49f92fd2ef8c572a6b9a421d1d6ff6f80a2667634e6b27daf0eacf7a68f43
SSDEEP: 6144:6r7K+hLKK5lOIdNe93d4UrZDlYGfXxSe/ZQZgYPjY1ZR:6ph+OY9dbrZDlYSxSnZgYP
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1620 wrote to memory of 3396 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 3396 | 1620 | rundll32.exe | rundll32.exe
PID 1620 wrote to memory of 3396 | 1620 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb4f34faa44821619830b456a3524bafda82c554ef63c5d8fa4ff3c1bcf10a28.dll,#11
  Suspicious use of WriteProcessMemory
  PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb4f34faa44821619830b456a3524bafda82c554ef63c5d8fa4ff3c1bcf10a28.dll,#12
  PID:3396