Analysis
- max time kernel: 148s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-02-2024 15:01
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: a224157a9fe7df4ab2539b7f713122df.dll
- Resource: win7-20240221-en, windows7-x64
- 2 signatures
- 150 seconds
General
- Target: a224157a9fe7df4ab2539b7f713122df.dll
- Size: 231KB
- MD5: a224157a9fe7df4ab2539b7f713122df
- SHA1: a20e3f4045420945bcc93d7066e81f869238fc16
- SHA256: 25d9002804c315ab26f8e1c6adbc31fcce8ac1b2fb00272d87763a0aef20b601
- SHA512: ec33b325ac7615a86eae9a3676b107cedb932cd7b14f14f961237280915b55ce8ffdaad5b7cb99fc741f87240a060a0319ad92a6db1d95ffe923f96515e3ee2a
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0Z:jDgtfRQUHPw06MoV2nwTBlhm8x
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4896 wrote to memory of 2560 | 4896 | rundll32.exe | 85 |
| PID 4896 wrote to memory of 2560 | 4896 | rundll32.exe | 85 |
| PID 4896 wrote to memory of 2560 | 4896 | rundll32.exe | 85 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a224157a9fe7df4ab2539b7f713122df.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4896
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a224157a9fe7df4ab2539b7f713122df.dll,#1
    PID: 2560