Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-04-2024 08:18
Behavioral task
behavioral1
Sample
dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll
Size: 899KB
MD5: c9423813bbc567262f58b025711e73b2
SHA1: a50e94d107de3fd432115048807e32deec01006b
SHA256: dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530
SHA512: a84f427f90226b5b41880ba2ecc7ecafafe32bf3d3d82fcc1a8eed3e19e1e42125e10becb521456fd026a9d0b8dcde46c20624e02afefe223c692b146971d3ed
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXA:7wqd87VA
Score: 1/10
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
Processes: rundll32.exe
pid | process
2924 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 540 wrote to memory of 2924 | 540 | rundll32.exe | rundll32.exe
PID 540 wrote to memory of 2924 | 540 | rundll32.exe | rundll32.exe
PID 540 wrote to memory of 2924 | 540 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcb504423c947d8d01c3e2077c8414c042c21fb4175dda65364aa515ce3c6530.dll,#12
- Suspicious behavior: RenamesItself