Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/04/2024, 02:37
Behavioral task
behavioral1
Sample
d86dd00b427ab53c6c5359a71fb5f6963ddea550eeff403c1204dcd0047c715e.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
d86dd00b427ab53c6c5359a71fb5f6963ddea550eeff403c1204dcd0047c715e.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
- Target: d86dd00b427ab53c6c5359a71fb5f6963ddea550eeff403c1204dcd0047c715e.dll
- Size: 51KB
- MD5: 445da39b3035227298302e8f2a1ef5d7
- SHA1: 2e865d89638e564e00e0b9d620540eae0776ba25
- SHA256: d86dd00b427ab53c6c5359a71fb5f6963ddea550eeff403c1204dcd0047c715e
- SHA512: b5457bb0d0f0bcac6011c192a1f364c08a7db900e99b31ee5808eac2d4b63ace187b9f6e164606c0ff3ed2ba7fcb818b7f04d4267eee15f9b70cb5a148bd8f67
- SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLOJYH5:1dWubF3n9S91BF3fboiJYH5
Score
1/10
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid    Process
  4292   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process        procid_target
  PID 3468 wrote to memory of 4292   3468   rundll32.exe   85
  PID 3468 wrote to memory of 4292   3468   rundll32.exe   85
  PID 3468 wrote to memory of 4292   3468   rundll32.exe   85
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d86dd00b427ab53c6c5359a71fb5f6963ddea550eeff403c1204dcd0047c715e.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:3468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d86dd00b427ab53c6c5359a71fb5f6963ddea550eeff403c1204dcd0047c715e.dll,#12
  - Suspicious behavior: RenamesItself
  PID:4292