Analysis
max time kernel: 149s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 23:02
Static task: static1
Behavioral task: behavioral1
  Sample: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll
  Resource: win10v2004-20240426-en
General
Target: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll
Size: 915KB
MD5: de150ae2b803cbfc2661a7d1ce879fb0
SHA1: 0f041e66193e8b183cd98429144d3bc6cc721172
SHA256: 531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d
SHA512: b1169d90f88bca31e4963a3ffdc170b8f4d269f4ac880c7f6fa5058890da135ed0eedd2a1f38868375b53b83e836969db4e69af4e01e785837bdd1de0b648586
SSDEEP: 12288:glQfY6JhF47ckeaHP1297QxL4l648PW7hl4pR3ObqzHjEnDWSy9vf4yF:4EJTa098R4WPW7rSEyJ4Y
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2688 wrote to memory of 3068 | 2688 | rundll32.exe | rundll32.exe
PID 2688 wrote to memory of 3068 | 2688 | rundll32.exe | rundll32.exe
PID 2688 wrote to memory of 3068 | 2688 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\531a3b615760e6a2d2836bd776dfce4721845c11f9766db771c84a6912585a4d.dll,#1