Analysis

max time kernel: 149s
max time network: 172s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 18:56

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: c15b3229694fe74efb43e45c5ce6aa4e.dll
Resource: win7-20240221-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: c15b3229694fe74efb43e45c5ce6aa4e.dll
Resource: win10v2004-20240226-en
3 signatures, 150 seconds
General

Target: c15b3229694fe74efb43e45c5ce6aa4e.dll
Size: 46KB
MD5: c15b3229694fe74efb43e45c5ce6aa4e
SHA1: 288926a3ca23e0094b380e66091b0a1ede555af5
SHA256: 1bef6c2298faf8a1550b145f2ee5c049a4733d10d19fcbe8bc67f275a583881b
SHA512: fa0210275bc1cf26b0e87056ec03108eb7cc792099efb6e3d4e8af4239fc873ce46e060660d9e5e6da6b85fc449cb873f073a701be7e37a42a9e73951218a267
SSDEEP: 768:3SDMqQtpRQjmWKg07QyptqJDMWsBW+TD7KHLuxpu7JiVPPlGkGNpj5nw7Y:iDMqapRQ+ZPawWGDWHLsGJi3Gnbn5
Score: 4/10
Malware Config

Signatures

Drops file in Program Files directory (1 IoC)
  description: File opened for modification
  ioc: C:\Program Files\Wizet\Maple\npkcrypt.dll
  Process: rundll32.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 872
  Process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process        procid_target
  PID 400 wrote to memory of 872     400   rundll32.exe   93
  PID 400 wrote to memory of 872     400   rundll32.exe   93
  PID 400 wrote to memory of 872     400   rundll32.exe   93
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c15b3229694fe74efb43e45c5ce6aa4e.dll,#1
  tree depth: 1
  PID: 400
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c15b3229694fe74efb43e45c5ce6aa4e.dll,#1
    tree depth: 2
    PID: 872
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1428 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
  tree depth: 1
  PID: 4064