Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-04-2024 08:18
Behavioral task: behavioral1
Sample: d3c5496472564fa36acccb2655c7e4709b2ffcafc14f08e6bbf7c96628b7a42d.dll
Resource: win7-20240221-en (windows7-x64)
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: d3c5496472564fa36acccb2655c7e4709b2ffcafc14f08e6bbf7c96628b7a42d.dll
Resource: win10v2004-20240412-en (windows10-2004-x64)
2 signatures
150 seconds
General
Target: d3c5496472564fa36acccb2655c7e4709b2ffcafc14f08e6bbf7c96628b7a42d.dll
Size: 50KB
MD5: 9d8f7e8996707cea522417d0e3ec5476
SHA1: de959602ec12f6e5a1dd9dcdf09906340733a598
SHA256: d3c5496472564fa36acccb2655c7e4709b2ffcafc14f08e6bbf7c96628b7a42d
SHA512: a9297a6fe9a15c7fd62dbc49af178ecf81055081508852c3d0364064b4ed50d5505923d16a94ac5c796df8a166fa48a0b6b09d1baec8453a1349a2d4b905505f
SSDEEP: 1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5SJYH:W5ReWjTrW9rNPgYoQJYH
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
Processes: rundll32.exe
pid | process
4520 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2972 wrote to memory of 4520 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 4520 | 2972 | rundll32.exe | rundll32.exe
PID 2972 wrote to memory of 4520 | 2972 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3c5496472564fa36acccb2655c7e4709b2ffcafc14f08e6bbf7c96628b7a42d.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3c5496472564fa36acccb2655c7e4709b2ffcafc14f08e6bbf7c96628b7a42d.dll,#12
- Suspicious behavior: RenamesItself