Analysis
max time kernel: 132s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 23-05-2024 02:37
Static task: static1
Behavioral task: behavioral1
Sample: 79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll
Resource: win10v2004-20240426-en
General
Target: 79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll
Size: 81KB
MD5: 50d54607593d90b58e1dc3e02fe50af0
SHA1: 5580a52426acac28f2ea5071a505e4fc0c125a09
SHA256: 79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc
SHA512: fa5db7c952f5da0b1574271d2a5a5bbbfce03207f773a532f460c1ecb650698402e292b36cc034790c49bc1b611a014017d6ad9f60635ca952bf93a2e05c085c
SSDEEP: 1536:Sc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Gl:x+5oxmqAiR8+/RBkez0U+i
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 4388 wrote to memory of 2800 | 4388 | rundll32.exe | rundll32.exe
PID 4388 wrote to memory of 2800 | 4388 | rundll32.exe | rundll32.exe
PID 4388 wrote to memory of 2800 | 4388 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll,#12⤵