Analysis
max time kernel: 144s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-04-2024 02:14
Behavioral task
behavioral1
Sample
64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll
Size: 899KB
MD5: 84c14cc427ada7864a0a78ab81dcddd7
SHA1: 453193b50c393c03cbee36c174c81a37fba14cb3
SHA256: 64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43
SHA512: 5997e6250b517795dfee1b11034c8d3d1aa338a1d9077215d2679dfb728e8f6925664942d04bce84a70b86fdd10cf97b50a7647f17009da6d03bb5b4748f976a
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXh:7wqd87Vh
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
Processes: rundll32.exe
pid | process
4460 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1064 wrote to memory of 4460 | 1064 | rundll32.exe | rundll32.exe
PID 1064 wrote to memory of 4460 | 1064 | rundll32.exe | rundll32.exe
PID 1064 wrote to memory of 4460 | 1064 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64f3c25d9e491b12ef006416eb1feb3ee9c9572114139ce2fe5302f7375cdd43.dll,#1
- Suspicious behavior: RenamesItself