Analysis
max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted
23/04/2024, 02:40
Behavioral task
behavioral1
Sample
be68aacceebaacaa01c4cc00db53d7b15cf55165a3db1d9dc136097df293cae9.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
be68aacceebaacaa01c4cc00db53d7b15cf55165a3db1d9dc136097df293cae9.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
Target
be68aacceebaacaa01c4cc00db53d7b15cf55165a3db1d9dc136097df293cae9.dll
Size
899KB
MD5
c9abed4888393fc0c4f63c4ddc58c7d4
SHA1
1eaaf14ab64d08917f51e267be3d00286108bbfd
SHA256
be68aacceebaacaa01c4cc00db53d7b15cf55165a3db1d9dc136097df293cae9
SHA512
65c1bba81998afa8367f901bd07c5207c7f2932eb18eade97b7b78b806b24337d7de07ff0689693f16af8a8c9aeedebb2b65d337c27116d959a3af59b1f11b92
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXh:7wqd87Vh
Score
1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid / Process
4940 / rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description / pid / Process / procid_target
PID 732 wrote to memory of 4940 / 732 / rundll32.exe / 85
PID 732 wrote to memory of 4940 / 732 / rundll32.exe / 85
PID 732 wrote to memory of 4940 / 732 / rundll32.exe / 85
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be68aacceebaacaa01c4cc00db53d7b15cf55165a3db1d9dc136097df293cae9.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:732
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be68aacceebaacaa01c4cc00db53d7b15cf55165a3db1d9dc136097df293cae9.dll,#12⤵
Suspicious behavior: RenamesItself
PID:4940