Analysis
max time kernel: 136s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 25-01-2024 16:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
df82b120d734080e034d1c73dc8aa606c17cefa39c6ab7a5cda5ae8d9bc24889.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: df82b120d734080e034d1c73dc8aa606c17cefa39c6ab7a5cda5ae8d9bc24889.dll
Size: 62KB
MD5: 0d79121feb8d821349ed488feb7b6e70
SHA1: 0e7cbeb44a5e6c6cc02a1acc3cac5a8c87607ea0
SHA256: df82b120d734080e034d1c73dc8aa606c17cefa39c6ab7a5cda5ae8d9bc24889
SHA512: 173a894eb310666157d0d5001aab5b0ff94219c0f8089e572d5047bff173f1c4771582dbe0fb8ea292e563b55dfad9d0569e63f54b77a83a6781132a0b20e889
SSDEEP: 1536:WV/rT2FeXx6V4xhvZEv5OE78oB8pQ52Zkz952:WhNrw5OwB8pZkz95
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description    pid    process    target process
PID 4384 wrote to memory of 3332    4384    rundll32.exe    rundll32.exe
PID 4384 wrote to memory of 3332    4384    rundll32.exe    rundll32.exe
PID 4384 wrote to memory of 3332    4384    rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df82b120d734080e034d1c73dc8aa606c17cefa39c6ab7a5cda5ae8d9bc24889.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:4384
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df82b120d734080e034d1c73dc8aa606c17cefa39c6ab7a5cda5ae8d9bc24889.dll,#12⤵
PID:3332