Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-04-2024 22:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
657d3745b790d760e1e457e965dbcea0e2881c3cd6d29ffd5bde156c3222cefa.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
General
Target: 657d3745b790d760e1e457e965dbcea0e2881c3cd6d29ffd5bde156c3222cefa.dll
Size: 181KB
MD5: de03adcb2cf60b8fbee2992c812d683b
SHA1: f4509af323aa23032265b29e8efc2eb0d388b887
SHA256: 657d3745b790d760e1e457e965dbcea0e2881c3cd6d29ffd5bde156c3222cefa
SHA512: 095e38feaf22895d99fb6458e324677efee6b6efd9e791e440cac7ec6691d1acfced1cec4f883efb59b5924d17624ca69167c88b7beb930f3cd25eaf707317b2
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q08:jDgtfRQUHPw06MoV2nwTBlhm8E
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1848 wrote to memory of 1680 | 1848 | rundll32.exe | 83
PID 1848 wrote to memory of 1680 | 1848 | rundll32.exe | 83
PID 1848 wrote to memory of 1680 | 1848 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\657d3745b790d760e1e457e965dbcea0e2881c3cd6d29ffd5bde156c3222cefa.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:1848
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\657d3745b790d760e1e457e965dbcea0e2881c3cd6d29ffd5bde156c3222cefa.dll,#12⤵
PID:1680