Analysis
-
max time kernel
133s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
22-05-2024 23:54
Static task
static1
Behavioral task
behavioral1
Sample
8616f859814c801ffbf37902d999ef821bd5b8ab20c1ce9691a366b248267833.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8616f859814c801ffbf37902d999ef821bd5b8ab20c1ce9691a366b248267833.dll
Resource
win10v2004-20240426-en
General
-
Target
8616f859814c801ffbf37902d999ef821bd5b8ab20c1ce9691a366b248267833.dll
-
Size
395KB
-
MD5
4ab93a4cc4ab30c236161e56449902ba
-
SHA1
5d69022bed885d7756e4c211469e18bcadca1c47
-
SHA256
8616f859814c801ffbf37902d999ef821bd5b8ab20c1ce9691a366b248267833
-
SHA512
105594fe6c422bc674a32f58fb82ef15f0086291bdcc0f661df68bd02969ea06ef67af21742ddde4f4e8501753eec3c965208a9d3700a50c7ba2e4397798bbd2
-
SSDEEP
6144:rCaq9ubZxqLHZBwm/Y81dXOSH4yju66AnR7NRncR5aTHVXcjQV50DErPAOznM2P:5qo8kc1dXRHvKGc7aT1XcnD4RM
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 4564 wrote to memory of 3224 | 4564 | rundll32.exe | rundll32.exe
PID 4564 wrote to memory of 3224 | 4564 | rundll32.exe | rundll32.exe
PID 4564 wrote to memory of 3224 | 4564 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8616f859814c801ffbf37902d999ef821bd5b8ab20c1ce9691a366b248267833.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8616f859814c801ffbf37902d999ef821bd5b8ab20c1ce9691a366b248267833.dll,#12