Analysis
-
max time kernel
134s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
23-05-2024 00:25
Static task
static1
Behavioral task
behavioral1
Sample
61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll
Resource
win10v2004-20240426-en
General
-
Target
61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll
-
Size
81KB
-
MD5
cd765fb84e19224fc22616e41709f540
-
SHA1
818a6f9c789947df00c7b5c9c5fc87d55c5e516e
-
SHA256
61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e
-
SHA512
e5ef7b21c82d11f7d9d916603fd708c183b1e76c2def957ccadb444909c7f059adf5eea50f7a929e9ddddc7aab7ced5eb63dc47895c475437e207637b68f492c
-
SSDEEP
1536:Qc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+GZ:v+5oxmqAiR8+/RBkez0U+2
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2956 wrote to memory of 3984 | 2956 | rundll32.exe | rundll32.exe
PID 2956 wrote to memory of 3984 | 2956 | rundll32.exe | rundll32.exe
PID 2956 wrote to memory of 3984 | 2956 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll,#12⤵