Analysis
- max time kernel: 139s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-03-2024 18:23
Static task: static1
Behavioral task: behavioral1
- Sample: 253a5a626e96e7882715c01941347dd4fad65ced223918ce7e6b96df1e988aa0.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 253a5a626e96e7882715c01941347dd4fad65ced223918ce7e6b96df1e988aa0.dll
- Resource: win10v2004-20240226-en
General
- Target: 253a5a626e96e7882715c01941347dd4fad65ced223918ce7e6b96df1e988aa0.dll
- Size: 342KB
- MD5: 3e51dd5bbdf3c85c1f99474e8568276a
- SHA1: 2a694710ac1df25c66236e66320f32962387e0e4
- SHA256: 253a5a626e96e7882715c01941347dd4fad65ced223918ce7e6b96df1e988aa0
- SHA512: 52b211ecdad584ce02db2ffcb974bb3dc6ed19829fb03c0b9824dbe45e1a4fa93e40eca727abbe5a027c07789513b816ac905ce406f335f6a900b228d8fdd5e8
- SSDEEP: 6144:NRoOpXN8bEvZehNyi5qlscXsKCkSLjn7WQDilmvWpJJvEiY:NRoOpXCjNwlscXeJikilmvYEiY
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3964 wrote to memory of 1536 | 3964 | rundll32.exe | 86
  PID 3964 wrote to memory of 1536 | 3964 | rundll32.exe | 86
  PID 3964 wrote to memory of 1536 | 3964 | rundll32.exe | 86
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\253a5a626e96e7882715c01941347dd4fad65ced223918ce7e6b96df1e988aa0.dll,#1
  PID: 3964
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\253a5a626e96e7882715c01941347dd4fad65ced223918ce7e6b96df1e988aa0.dll,#1
    PID: 1536