Analysis
- max time kernel: 93s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 22-05-2024 02:45
Static task
static1
Behavioral task
behavioral1
Sample
14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll
Resource
win10v2004-20240508-en
General
- Target: 14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll
- Size: 32KB
- MD5: 09cbc95554a15fcb35097a4335da6aa0
- SHA1: 191f9189d14f6892f5f8db00d81c3cf5809b5a39
- SHA256: 14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38
- SHA512: b3e03a9ba11074ac51631ad336e8c2211677f6a0407f328de6764580ac5e3c57a55cc57e7a5bbf8941fcbb6cea1a697afd0eb53b1c7830429717921a4df8fa27
- SSDEEP: 768:DnXW/oHK5NEZoAUNg6CvhCoGvAFC18p+VOs:DXgEZiNrTvAFC18p+VO
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2392 wrote to memory of 3872 | 2392 | rundll32.exe | rundll32.exe
  PID 2392 wrote to memory of 3872 | 2392 | rundll32.exe | rundll32.exe
  PID 2392 wrote to memory of 3872 | 2392 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll,#12