Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system -
submitted
23/04/2024, 02:54
Behavioral task
behavioral1
Sample
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll
Resource
win10v2004-20240412-en
2 signatures
150 seconds
General
-
Target
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll
-
Size
899KB
-
MD5
94ec58b425c30fac4bd65e3a0fac29a1
-
SHA1
0ed5ffa67adebcf20fab6511e4bdc3ceb21ab619
-
SHA256
ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f
-
SHA512
f47bbd4ab172697938cc0d9c1a7ccb390d29e4d7f7ed78d498d86c0d3b33538e3bfe4a94ab6e4fa1f61499ec64dbe7791f52da969de08f52ce072e499b7fccbc
-
SSDEEP
24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXt:7wqd87Vt
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
2276 | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4076 wrote to memory of 2276 | 4076 | rundll32.exe | 84
PID 4076 wrote to memory of 2276 | 4076 | rundll32.exe | 84
PID 4076 wrote to memory of 2276 | 4076 | rundll32.exe | 84
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4076 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee146401dbd963929a152c40891602acb4b34364e21e1972cb13f9d3a968fe9f.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:2276
-