Analysis
max time kernel: 150s
max time network: 161s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-04-2024 21:14
Behavioral task: behavioral1
Sample: f588c6fe28b11c6fe64592d1aedf397182a048665e1e16db7484aea34ea1627a.dll
Resource: win7-20240215-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: f588c6fe28b11c6fe64592d1aedf397182a048665e1e16db7484aea34ea1627a.dll
Resource: win10v2004-20240226-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: f588c6fe28b11c6fe64592d1aedf397182a048665e1e16db7484aea34ea1627a.dll
Size: 899KB
MD5: 7453fa40ef55fa78b0a0b96736d494cd
SHA1: 79a6e4d23fd60b2d8a7cf466b826aff337ab094c
SHA256: f588c6fe28b11c6fe64592d1aedf397182a048665e1e16db7484aea34ea1627a
SHA512: a556e933a6e389876f72f41bc10ab50074445b5087ddb2f431917403b6cdfd72dd79ce2c831e497f7b591e55934ab34ec8d69a50dd196a2b9ff5fb3dfffff7d1
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX6:7wqd87V6
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
Processes: rundll32.exe (PID 540)

Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description / pid / process / target process):
PID 2184 rundll32.exe wrote to memory of PID 540 rundll32.exe (reported 3 times)
Processes (indentation shows parent/child depth)
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f588c6fe28b11c6fe64592d1aedf397182a048665e1e16db7484aea34ea1627a.dll,#1
  Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f588c6fe28b11c6fe64592d1aedf397182a048665e1e16db7484aea34ea1627a.dll,#1
      Suspicious behavior: RenamesItself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8