Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-05-2024 14:35
Behavioral task: behavioral1
Sample: ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll
Resource: win7-20240221-en (windows7-x64)
1 signature, 150 seconds
Behavioral task: behavioral2
Sample: ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll
Resource: win10v2004-20240508-en (windows10-2004-x64)
1 signature, 150 seconds
General
Target: ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll
Size: 164KB
MD5: bbe723936dab9bf9fd0fa11c454a58bb
SHA1: 9d5568f74c5fa469357894ad6c16bb8f916ef285
SHA256: ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6
SHA512: 50717ecbaafaabad36b9120677d104076ee646934b91ebb427750f11285093852cb502a16f778dea67d4432efa55c8f6550194db7b8045ebb08f79c235442b48
SSDEEP: 3072:fSSUeSlj8AcWqtGxtb9mO69mfXsR/tcV:fSwSlj8Kqtiga
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3440 wrote to memory of 4092 | 3440 | rundll32.exe | rundll32.exe
PID 3440 wrote to memory of 4092 | 3440 | rundll32.exe | rundll32.exe
PID 3440 wrote to memory of 4092 | 3440 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll,#1