Analysis
max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted
23/04/2024, 02:37
Behavioral task
behavioral1
Sample
2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
Target
2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll
Size
51KB
MD5
0df7850634165b0d20c11255f96afc6c
SHA1
1faf9f41e619285de84534a2bb5fdcf6093f6556
SHA256
2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f
SHA512
0946ccee58b6425b8f638e5f58bad5041d89e5ae949f111ea0a4bc293b6697b5192a60842a94286474c27bd60a4590343faa75333d71694704817b9d492ff6e9
SSDEEP
1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLxJYH5:1dWubF3n9S91BF3fbo1JYH5
Score
1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
4280 | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2828 wrote to memory of 4280 | 2828 | rundll32.exe | 88
PID 2828 wrote to memory of 4280 | 2828 | rundll32.exe | 88
PID 2828 wrote to memory of 4280 | 2828 | rundll32.exe | 88
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2828
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc90226c7a77d9f706f063fb11acdc873ab761988561dc63998c73742d94c0f.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:4280