Analysis
- max time kernel: 139s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
- submitted: 22-05-2024 02:07
Static task
static1
Behavioral task
behavioral1
Sample
81b0cdbe678d5ff0a258a4568502eb98ef6e7441aa38a3a518857da7b9ec7072.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
81b0cdbe678d5ff0a258a4568502eb98ef6e7441aa38a3a518857da7b9ec7072.dll
Resource
win10v2004-20240426-en
General
- Target: 81b0cdbe678d5ff0a258a4568502eb98ef6e7441aa38a3a518857da7b9ec7072.dll
- Size: 81KB
- MD5: 5049452d5485b8c7597d0d8409ccc937
- SHA1: 06079508be0bf17ce9ab6662c5570aa1160a75b1
- SHA256: 81b0cdbe678d5ff0a258a4568502eb98ef6e7441aa38a3a518857da7b9ec7072
- SHA512: 15ea63eb3c024605e65d1eeb7e2a87cad91138e007a63766274a31876ff0a9e22933770f2b6e49142cc5633c32c60b10da3650a9f091250c7255e50c466e14f3
- SSDEEP: 1536:OtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wz:O4v4JKXTx71w0ArSsXF3enq8Wz
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2692 wrote to memory of 3724 | 2692 | rundll32.exe | rundll32.exe
  PID 2692 wrote to memory of 3724 | 2692 | rundll32.exe | rundll32.exe
  PID 2692 wrote to memory of 3724 | 2692 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\81b0cdbe678d5ff0a258a4568502eb98ef6e7441aa38a3a518857da7b9ec7072.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\81b0cdbe678d5ff0a258a4568502eb98ef6e7441aa38a3a518857da7b9ec7072.dll,#12⤵
  PID:3724