Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-05-2024 02:00
Behavioral task: behavioral1
Sample: b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll
Resource: win7-20240221-en
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll
Resource: win10v2004-20240508-en
2 signatures, 150 seconds
General
Target: b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll
Size: 1.9MB
MD5: 56786421989f712855d73a8e715f3c88
SHA1: 4903ff46434d72dd43b09696d7f363dc2b611058
SHA256: b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376
SHA512: c4352944fba38d5e2af5e2a708e23842e972d71a6d76ef8ef6e5b0175752eb05b39e4e383a4bc7766572fead0b6037f20b70e2a86ff06959d26fa93135063df6
SSDEEP: 49152:nySWhaueq9WjeAk4jQ41GADGAdAOuq5+jDcT:nBWh/euW0krGAD1AVY+e
Score: 7/10
Malware Config
Signatures
resource: behavioral2/memory/4032-0-0x0000000074CD0000-0x0000000074EC1000-memory.dmp
yara_rule: vmprotect
Suspicious use of WriteProcessMemory (3 IoCs)
PID 4988 wrote to memory of 4032 (pid: 4988, Process: rundll32.exe, procid_target: 82)
PID 4988 wrote to memory of 4032 (pid: 4988, Process: rundll32.exe, procid_target: 82)
PID 4988 wrote to memory of 4032 (pid: 4988, Process: rundll32.exe, procid_target: 82)
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll,#1
  PID: 4988
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b633efc615e14595c28a649fe96f93b08baf61b108b3cfa370d8cb1d02162376.dll,#1
    PID: 4032