Analysis
max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted
23/04/2024, 02:52
Behavioral task
behavioral1
Sample
26b011261fdbbc11f05d3d27e9b56e28c3e3772e35336d292b1b3d4048a94091.dll
Resource
win7-20240220-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
26b011261fdbbc11f05d3d27e9b56e28c3e3772e35336d292b1b3d4048a94091.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
Target
26b011261fdbbc11f05d3d27e9b56e28c3e3772e35336d292b1b3d4048a94091.dll
Size
899KB
MD5
88f58a5efb33d44ce6a43bf2375e5778
SHA1
570393a13bf1c3d715d6d5e5af06be88fa8edd2f
SHA256
26b011261fdbbc11f05d3d27e9b56e28c3e3772e35336d292b1b3d4048a94091
SHA512
0694dc1cd99d6db1163402673c1ee959d87d9a0bc6e813016351a3e49007bf3a18d6944f037c6104f56a0243c05f298500aa176fe94a391c4f8a079dcd08b011
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXS:7wqd87VS
Score
1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
4856 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1868 wrote to memory of 4856 | 1868 | rundll32.exe | 86
PID 1868 wrote to memory of 4856 | 1868 | rundll32.exe | 86
PID 1868 wrote to memory of 4856 | 1868 | rundll32.exe | 86
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26b011261fdbbc11f05d3d27e9b56e28c3e3772e35336d292b1b3d4048a94091.dll,#11
Suspicious use of WriteProcessMemory
PID:1868
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26b011261fdbbc11f05d3d27e9b56e28c3e3772e35336d292b1b3d4048a94091.dll,#12
Suspicious behavior: RenamesItself
PID:4856