Analysis
max time kernel: 123s
max time network: 136s
platform: windows10-1703_x64
resource: win10-20240214-en
resource tags: arch:x64 arch:x86 image:win10-20240214-en locale:en-us os:windows10-1703-x64 system
submitted: 18-02-2024 16:11
Static task
static1
Behavioral task
behavioral1
Sample
ATKEX.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ATKEX.dll
Resource
win10-20240214-en
Behavioral task
behavioral3
Sample
ATKEX.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral4
Sample
ATKEX.dll
Resource
win11-20240214-en
Behavioral task
behavioral5
Sample
TraceIndexer.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
TraceIndexer.exe
Resource
win10-20240214-en
Behavioral task
behavioral7
Sample
TraceIndexer.exe
Resource
win10v2004-20231215-en
General
Target: ATKEX.dll
Size: 53KB
MD5: ed5b3b3a04e3ccc8ddc41e0691c6af38
SHA1: 7ab5dc0750fa4d5953bf45b9de4b5261458b69fa
SHA256: 9b0f2a4833461caabd4d44c53c31b719c80b7f44a92cff5c0fb01d83f7fa43cb
SHA512: ae89fa6db3ba270e0ba1cae0d0457441500dfc78a50a40b7d3a2e3fae99529690e3aaa05c8821115a0a4e41197a4a650a2a8b25f92fbcb50eed7a639119cd8ad
SSDEEP: 768:G8HLbpnzrRiu5m+e8a0LrvGhvkkQCHyunDEDhcvS2nzmcSSSSw:G8rbpnzrdm+eiLjKvkKS4rJzTSSSSw
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 3 IoCs
description | pid | Process | procid_target
PID 1572 wrote to memory of 4668 | 1572 | rundll32.exe | 72
PID 1572 wrote to memory of 4668 | 1572 | rundll32.exe | 72
PID 1572 wrote to memory of 4668 | 1572 | rundll32.exe | 72