Analysis
max time kernel
141s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted
23-05-2024 02:25
Static task
static1
Behavioral task
behavioral1
Sample
bb6f22fa702c1569b32832379c4b1b5330cb1c79a1e2bbbe77ea5208315e5958.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
bb6f22fa702c1569b32832379c4b1b5330cb1c79a1e2bbbe77ea5208315e5958.dll
Resource
win10v2004-20240426-en
General
Target
bb6f22fa702c1569b32832379c4b1b5330cb1c79a1e2bbbe77ea5208315e5958.dll
Size
327KB
MD5
75d272be28f138c502e236e762382ae5
SHA1
b44f379b789cb548641de67319a991ea61e0bcc6
SHA256
bb6f22fa702c1569b32832379c4b1b5330cb1c79a1e2bbbe77ea5208315e5958
SHA512
cd1672abffd3a3388a09ba6e581b9b514dc49cdca697f87fa063de5d415da36f9b722f084805d8ce0da873f4463e46d90a74bb1812e9ebac5a72ceb1d195e3d9
SSDEEP
6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4868 wrote to memory of 1376 | 4868 | rundll32.exe | rundll32.exe
PID 4868 wrote to memory of 1376 | 4868 | rundll32.exe | rundll32.exe
PID 4868 wrote to memory of 1376 | 4868 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb6f22fa702c1569b32832379c4b1b5330cb1c79a1e2bbbe77ea5208315e5958.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb6f22fa702c1569b32832379c4b1b5330cb1c79a1e2bbbe77ea5208315e5958.dll,#1