Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 23/04/2024, 02:22
Behavioral task: behavioral1
Sample: fcb77256cb9d11a8b844aa20a8b04ca47f95916104318315c9f65683c3d55b0e.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: fcb77256cb9d11a8b844aa20a8b04ca47f95916104318315c9f65683c3d55b0e.dll
Resource: win10v2004-20240412-en
2 signatures
150 seconds
General
Target: fcb77256cb9d11a8b844aa20a8b04ca47f95916104318315c9f65683c3d55b0e.dll
Size: 51KB
MD5: 58cd3657ca67103544082a35a1e4ef07
SHA1: 0510e4ad4f6b62a5b87c3f84b86533537a08c3ae
SHA256: fcb77256cb9d11a8b844aa20a8b04ca47f95916104318315c9f65683c3d55b0e
SHA512: aba5f3465bca4bb1452032907f0274b8cdeeb7802421c4beb4480484185c63e42a38b09939331ff95d76c219cb15e68747c923800bc04f992344a2ebb4957f05
SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLIJYH5:1dWubF3n9S91BF3fbokJYH5
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself, 1 IoCs
  pid   Process
  1076  rundll32.exe
Suspicious use of WriteProcessMemory, 3 IoCs
  description                       pid   Process       procid_target
  PID 1092 wrote to memory of 1076  1092  rundll32.exe  84
  PID 1092 wrote to memory of 1076  1092  rundll32.exe  84
  PID 1092 wrote to memory of 1076  1092  rundll32.exe  84
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcb77256cb9d11a8b844aa20a8b04ca47f95916104318315c9f65683c3d55b0e.dll,#11
  Suspicious use of WriteProcessMemory
  PID:1092
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcb77256cb9d11a8b844aa20a8b04ca47f95916104318315c9f65683c3d55b0e.dll,#12
  Suspicious behavior: RenamesItself
  PID:1076