Analysis
max time kernel: 130s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 21:48
Static task: static1
Behavioral task: behavioral1
Sample: 555689fe1fb7aa1092db2ae163851778c76734411d99c6ea79b410650412bf98.dll
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 555689fe1fb7aa1092db2ae163851778c76734411d99c6ea79b410650412bf98.dll
Resource: win10v2004-20240426-en
General
Target: 555689fe1fb7aa1092db2ae163851778c76734411d99c6ea79b410650412bf98.dll
Size: 40KB
MD5: aa2d58b90da82249385fc3a0924857e3
SHA1: 0a2d334da492e3144a71e0d72d44e7b837acb201
SHA256: 555689fe1fb7aa1092db2ae163851778c76734411d99c6ea79b410650412bf98
SHA512: 90a32911aee61886ad5dd622d700656dd99a37080843c46042dd8cdbf8ba092c93c50112f94f7423192e97d3ab2aca313f4b893b3b41b306597c8e860643fe2f
SSDEEP: 768:PdicwBS5VoS0IUdwu9a93Xz/Drg2k5IziWOT:sg8VdBMx8v5IGW
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3080 wrote to memory of 1592 | 3080 | rundll32.exe | rundll32.exe
PID 3080 wrote to memory of 1592 | 3080 | rundll32.exe | rundll32.exe
PID 3080 wrote to memory of 1592 | 3080 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\555689fe1fb7aa1092db2ae163851778c76734411d99c6ea79b410650412bf98.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3080
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\555689fe1fb7aa1092db2ae163851778c76734411d99c6ea79b410650412bf98.dll,#1
    PID: 1592