Analysis
max time kernel: 91s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
851fb5cad61b8de7ad6ef923b9372d92a62f1c12de2d17cb53100bdff738624c.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 851fb5cad61b8de7ad6ef923b9372d92a62f1c12de2d17cb53100bdff738624c.dll
Size: 190KB
MD5: f96f00fa659b589a7fafe600e8336ebf
SHA1: 3af189d2a1bf22413f684411f3e9db66bfb9cae5
SHA256: 851fb5cad61b8de7ad6ef923b9372d92a62f1c12de2d17cb53100bdff738624c
SHA512: 55b9f023f676ef2a691e66f01ab8deceed8780b3bd02cd0b794f085b05985c79e8d30c87084b97db46aa206ef910af92f8766228162c04b8e049ba314d7ae758
SSDEEP: 3072:nU/ibmfwOv9aOawOWE8Voluv9RjkFWXeI5EwuEM4r27xo:nU/ijOv9a15WBClubj6rSDuEM4r27
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (rundll32.exe):
description                        pid   process       target process
PID 1520 wrote to memory of 4480   1520  rundll32.exe  rundll32.exe
PID 1520 wrote to memory of 4480   1520  rundll32.exe  rundll32.exe
PID 1520 wrote to memory of 4480   1520  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\851fb5cad61b8de7ad6ef923b9372d92a62f1c12de2d17cb53100bdff738624c.dll,#1
    Signatures: Suspicious use of WriteProcessMemory
    PID: 1520
    └─ C:\Windows\SysWOW64\rundll32.exe
           rundll32.exe C:\Users\Admin\AppData\Local\Temp\851fb5cad61b8de7ad6ef923b9372d92a62f1c12de2d17cb53100bdff738624c.dll,#1
           PID: 4480
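All three WriteProcessMemory IoCs in the signature above come from pid 1520, the rundll32.exe in system32, and land in pid 4480, its own rundll32.exe child in SysWOW64 started with the same DLL and export. That tree shape is consistent with the 64-bit rundll32 being handed a 32-bit DLL: it re-executes the 32-bit copy from SysWOW64 with the same arguments, and a parent writing into a child it has just created is ordinarily part of process creation, not injection into a foreign process. The script below is an added example, not the sandbox's own output: it parses the flattened IoC table and the process tree shown on this page and excuses only that parent-to-child rundll32 handoff, leaving any other cross-process write flagged. The first three event lines are copied from the report; the fourth event line and the lsass.exe tree entry (pid 612) are constructed so that one write is not excused.

```python
"""Triage the WriteProcessMemory IoCs from a sandbox report.

Added example, not part of the report. The parsed line format is the
flattened "description pid process target process" table above; the
allow-list rule (system32 rundll32 writing into its own SysWOW64 rundll32
child) is an assumption made for illustration.
"""
import re
from dataclasses import dataclass

# First three lines are the report's IoC rows; the fourth is constructed.
SAMPLE_EVENTS = """\
PID 1520 wrote to memory of 4480 1520 rundll32.exe rundll32.exe
PID 1520 wrote to memory of 4480 1520 rundll32.exe rundll32.exe
PID 1520 wrote to memory of 4480 1520 rundll32.exe rundll32.exe
PID 1520 wrote to memory of 612 1520 rundll32.exe lsass.exe
"""

# pid -> (parent pid, image path), from the process tree in the report.
# The lsass.exe entry (pid 612) is constructed for the example.
PROCESS_TREE = {
    1520: (None, r"C:\Windows\system32\rundll32.exe"),
    4480: (1520, r"C:\Windows\SysWOW64\rundll32.exe"),
    612: (None, r"C:\Windows\system32\lsass.exe"),
}

EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<proc>\S+) (?P<target>\S+)$"
)


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_events(text):
    """Parse every IoC row into a WriteEvent (duplicates kept, one per hooked call)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        # Skip non-IoC rows and rows whose pid column disagrees with the description.
        if not m or m["src"] != m["pid"]:
            continue
        events.append(WriteEvent(int(m["src"]), int(m["dst"]), m["proc"], m["target"]))
    return events


def is_wow64_relaunch(ev, tree):
    """True for the handoff seen in this report: the 64-bit rundll32 in system32
    writing into a SysWOW64 rundll32 that it is itself the parent of. The 64-bit
    rundll32 re-executes the 32-bit copy when given a 32-bit DLL, and the parent's
    writes into a child it just created are part of process creation."""
    src = tree.get(ev.src_pid)
    dst = tree.get(ev.dst_pid)
    if src is None or dst is None:
        return False
    _, src_path = src
    parent_of_dst, dst_path = dst
    return (
        parent_of_dst == ev.src_pid
        and src_path.lower() == r"c:\windows\system32\rundll32.exe"
        and dst_path.lower() == r"c:\windows\syswow64\rundll32.exe"
    )


def triage(text, tree):
    """Collapse repeated IoC rows and split them into (excused, suspicious)."""
    unique = list(dict.fromkeys(parse_events(text)))  # frozen dataclass is hashable
    excused = [ev for ev in unique if is_wow64_relaunch(ev, tree)]
    suspicious = [ev for ev in unique if not is_wow64_relaunch(ev, tree)]
    return excused, suspicious


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_EVENTS, PROCESS_TREE)
    for ev in ok:
        print(f"excused:    {ev.src_pid} ({ev.src_image}) -> {ev.dst_pid} ({ev.dst_image}) WoW64 relaunch")
    for ev in bad:
        print(f"SUSPICIOUS: {ev.src_pid} ({ev.src_image}) -> {ev.dst_pid} ({ev.dst_image})")
```

The rule deliberately requires all three conditions (parent relationship, system32 source path, SysWOW64 target path); a write from rundll32.exe into a rundll32.exe that is not its child, or from a rundll32.exe running outside system32, still surfaces as suspicious. The excused event is also still worth a look at the DLL itself, since a malicious 32-bit DLL run through rundll32 produces exactly this tree before doing anything else.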