Analysis
max time kernel: 133s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 17:21
Static task: static1, 1 signatures
Behavioral task: behavioral1
Sample: 751464ab86683e35cd05ff700e73b0e3.dll
Resource: win7-20231215-en
windows7-x64
1 signatures
150 seconds
General
Target: 751464ab86683e35cd05ff700e73b0e3.dll
Size: 136KB
MD5: 751464ab86683e35cd05ff700e73b0e3
SHA1: fe964f20bd5547a652b1547c84340cb9898b6392
SHA256: 59cd648d8519ae67d7f3d6ee55aaa94b6f9f1715fcebad91b7bb1dc619e56ce8
SHA512: 0595eaba725bf8e60303e329ecb2f81ee16aec5a7121df93d9fecec4646d036d2ea11f54db38f6385df7af179bd1bb7df2ec166eaf6d5c87ae7b5f6efbf9b1c9
SSDEEP: 3072:+yQ4SZRskUeaaZ/OlymWqno+nni1RTC9uO7logye:+yqUkUeaaclD5WRTOygr
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1584 wrote to memory of 4852 | 1584 | rundll32.exe | rundll32.exe
PID 1584 wrote to memory of 4852 | 1584 | rundll32.exe | rundll32.exe
PID 1584 wrote to memory of 4852 | 1584 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\751464ab86683e35cd05ff700e73b0e3.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1584
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\751464ab86683e35cd05ff700e73b0e3.dll,#1
    PID: 4852