Analysis
max time kernel: 0s
max time network: 8s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-03-2024 00:28
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: afdae9d9181e38dfae7f6b25d94e19ce.dll
Resource: win7-20240221-en
4 signatures
150 seconds

Behavioral task: behavioral2
Sample: afdae9d9181e38dfae7f6b25d94e19ce.dll
Resource: win10v2004-20240226-en
1 signatures
150 seconds
General
Target: afdae9d9181e38dfae7f6b25d94e19ce.dll
Size: 188KB
MD5: afdae9d9181e38dfae7f6b25d94e19ce
SHA1: 25b707e537d404edd075dca68714302d6f30e185
SHA256: a8513a6ad49d3d2af677dc5a4e3d485999b2de4a8f0cac96dbbde28eea9b2b2d
SHA512: c6c78263cf97709c810cfdcfd52e7e321ef21621699a72a946ca7b3906285110c62d07ee3c8bc1d0e942635ff40fad1568d6bda65a058f6ddf5449ebe87cdd2b
SSDEEP: 3072:bA8JmK7ATVfQeVqNFZa/9KzMXJ6jTFDlAwqWut5KZMzfeAAAoSo:bzIqATVfQeV2FZalKq6jtGJWuTmd
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4168 wrote to memory of 1092 | 4168 | rundll32.exe | 89
PID 4168 wrote to memory of 1092 | 4168 | rundll32.exe | 89
PID 4168 wrote to memory of 1092 | 4168 | rundll32.exe | 89
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afdae9d9181e38dfae7f6b25d94e19ce.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4168
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\afdae9d9181e38dfae7f6b25d94e19ce.dll,#1
    PID: 1092