Analysis
max time kernel: 90s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:02
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll
Resource: win7-20231129-en, windows7-x64
1 signatures
150 seconds
General
Target: 258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll
Size: 781KB
MD5: 76f188e59e4f5b4622bc359c7135d6c8
SHA1: 44eea3b792514b6dc1016d93a429995231b9af33
SHA256: 258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20
SHA512: 47e912391290fe1d0e87c782a6e0c9721ff4831e8395591ac8958832fbff51157cf6927a5c56214a538ee2a74a96f72d7faedfd5d88be690c1dc54eb561198d4
SSDEEP: 12288:EXW8QUvQMrz9SLItr2taMUQ3BucGOLVgzsmA74Y4VZGUFc:Z8NhSLItytaK3BuXOhgoqY4ZG
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 968 wrote to memory of 3668 | 968 | rundll32.exe | rundll32.exe
PID 968 wrote to memory of 3668 | 968 | rundll32.exe | rundll32.exe
PID 968 wrote to memory of 3668 | 968 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 968
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\258d48f104416de951847f141334aa5d98bd93b5c9a98d3ffbffbeda83e73e20.dll,#12
    PID: 3668