Analysis
max time kernel: 148s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/04/2024, 12:38
Behavioral task: behavioral1
Sample: 5e360e553618286f86bb80ec3cd2e29c0cd138f2557985a694752c2f15ea1be8.dll
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 5e360e553618286f86bb80ec3cd2e29c0cd138f2557985a694752c2f15ea1be8.dll
Resource: win10v2004-20240412-en
2 signatures
150 seconds
General
Target: 5e360e553618286f86bb80ec3cd2e29c0cd138f2557985a694752c2f15ea1be8.dll
Size: 51KB
MD5: e68ac1f0006eab50c59bba83e42f6f67
SHA1: 8f4cd251e53bb400c8f690eee8c435801ba61299
SHA256: 5e360e553618286f86bb80ec3cd2e29c0cd138f2557985a694752c2f15ea1be8
SHA512: c3e7399c1fd5c42423d31744b4f5775de925e53e36bbe846b5dabf82691ac1739bb9b9c892c6c858eddf24491a66b0a810463cfec9b77c49c76dd6910a3f72ac
SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL0JYH5:1dWubF3n9S91BF3fboQJYH5
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself 1 IoCs
pid   Process
1772  rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description                      pid  Process       procid_target
PID 760 wrote to memory of 1772  760  rundll32.exe  84
PID 760 wrote to memory of 1772  760  rundll32.exe  84
PID 760 wrote to memory of 1772  760  rundll32.exe  84
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e360e553618286f86bb80ec3cd2e29c0cd138f2557985a694752c2f15ea1be8.dll,#11
- Suspicious use of WriteProcessMemory
PID: 760
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e360e553618286f86bb80ec3cd2e29c0cd138f2557985a694752c2f15ea1be8.dll,#12
- Suspicious behavior: RenamesItself
PID: 1772