Analysis
- max time kernel: 136s
- max time network: 98s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-05-2024 05:22
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: dtsh.dll
- Resource: win10v2004-20240508-en, windows10-2004-x64
- 1 signatures
- 150 seconds
General
- Target: dtsh.dll
- Size: 30KB
- MD5: 00ec4fd380548c105a19e6e0ba28fb61
- SHA1: b31bc9d0e523d9b0a0e100c8609e9c0a0d2a0333
- SHA256: 4aac41e2539c2068ce1e4af5c1136f5ca08db1a0de5fdccbf64060928e32bae7
- SHA512: a1a5d1e01fd3379a9042b107cdcc6e2d8d83333ad9c8e9dbc35eb3b7f9b0da337e62e0bd1514803a79a77c8258949d69364328f39449ace1519d2fd9d593f931
- SSDEEP: 384:6uFMgA5AILVJIDcs7oEOYJ3g+mcUPvA8a7z2qrTcW7SWnjilSfbA47DEt6Dy:ogtIL0Dcs33DevufxHmo
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| PID 4928 wrote to memory of 4204 | 4928 | rundll32.exe | 83 |
| PID 4928 wrote to memory of 4204 | 4928 | rundll32.exe | 83 |
| PID 4928 wrote to memory of 4204 | 4928 | rundll32.exe | 83 |