Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 23/04/2024, 02:42
Behavioral task: behavioral1
Sample: d240da440673332224bb33ac537913aa7b5c52d3d70dc1e4e95c454b59d22b51.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: d240da440673332224bb33ac537913aa7b5c52d3d70dc1e4e95c454b59d22b51.dll
Resource: win10v2004-20240412-en
2 signatures
150 seconds
General
Target: d240da440673332224bb33ac537913aa7b5c52d3d70dc1e4e95c454b59d22b51.dll
Size: 899KB
MD5: ba2a614666af91c5f0921faddf13957b
SHA1: 21a9baa7c4887a2c7fdb5fbdccf42f4567d515cd
SHA256: d240da440673332224bb33ac537913aa7b5c52d3d70dc1e4e95c454b59d22b51
SHA512: e3e0b37d2942e29531a8b7be92d696ca3ad486b113a746207bb4fbc95bb72634aa5fc9b5ab9e05c934db2d124538f1d28aa562eca904befeb80d8b28a1096da8
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXM:7wqd87VM
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
2128 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4232 wrote to memory of 2128 | 4232 | rundll32.exe | 86
PID 4232 wrote to memory of 2128 | 4232 | rundll32.exe | 86
PID 4232 wrote to memory of 2128 | 4232 | rundll32.exe | 86
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d240da440673332224bb33ac537913aa7b5c52d3d70dc1e4e95c454b59d22b51.dll,#1
- Suspicious use of WriteProcessMemory
PID: 4232
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d240da440673332224bb33ac537913aa7b5c52d3d70dc1e4e95c454b59d22b51.dll,#1
    - Suspicious behavior: RenamesItself
    PID: 2128