Analysis
max time kernel: 133s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 23:40
Static task: static1
Behavioral task: behavioral1
Sample: 80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll
Resource: win10v2004-20240508-en
General
Target: 80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll
Size: 327KB
MD5: 6e697d51215a9f7e4a6e5062b9bb64a6
SHA1: 622c78d4441a95ee2958ee0ee7a75886aa8e443d
SHA256: 80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be
SHA512: 0387843fad9985f7c0c455a5c76fa307a2e84b2470052863e270a021956a67d7954c80b0ed9c56e4d3e23e0d58da9c94512c1fa1c46f109aee8d18a4b1a03cf0
SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4900 wrote to memory of 1848 | 4900 | rundll32.exe | rundll32.exe
PID 4900 wrote to memory of 1848 | 4900 | rundll32.exe | rundll32.exe
PID 4900 wrote to memory of 1848 | 4900 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\80a35e40d24e9d97a51e9693588be404cfb1b238269f7bb6a61831ed4aaee6be.dll,#1