Analysis
max time kernel: 144s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 25-01-2024 16:04
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
74ed6fee9f5713859a6aa75494ce901e.dll
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
-
Target
74ed6fee9f5713859a6aa75494ce901e.dll
-
Size
57KB
-
MD5
74ed6fee9f5713859a6aa75494ce901e
-
SHA1
3aaac41035d5a27b561b95ed76d8dfcb4bdd7066
-
SHA256
a29dff08ea24e6d43ebbcb090e8e3898a766918245819bfb2e46ebea3ed09c81
-
SHA512
5f95b8fe149840a613001c8bbf8af5640e9ba2c2ce75e7401e8c0c47f687388fbddb26c824aa6e6baa753b7cd42666371c22d6e35ba3120fc318e7b85e7e8e9d
-
SSDEEP
1536:hr7OaFCsK5Ehd0tkrpVUEkJ+H0jYJqXoxHOTMdtg:tOaY5m2Kr0EUG0jxX6OQ3g
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 980 wrote to memory of 2360 | 980 | rundll32.exe | rundll32.exe
PID 980 wrote to memory of 2360 | 980 | rundll32.exe | rundll32.exe
PID 980 wrote to memory of 2360 | 980 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ed6fee9f5713859a6aa75494ce901e.dll,#11
- Suspicious use of WriteProcessMemory
PID:980
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74ed6fee9f5713859a6aa75494ce901e.dll,#12
PID:2360