Analysis
-
max time kernel
131s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system -
submitted
23-05-2024 18:19
Static task
static1
Behavioral task
behavioral1
Sample
06ae98fd5329590fba5c5ba3292872caaaf0a627e0cab48f878a131df0362af9.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
06ae98fd5329590fba5c5ba3292872caaaf0a627e0cab48f878a131df0362af9.dll
Resource
win10v2004-20240426-en
General
-
Target
06ae98fd5329590fba5c5ba3292872caaaf0a627e0cab48f878a131df0362af9.dll
-
Size
327KB
-
MD5
a0268c30bc437d44d62a40e901fda762
-
SHA1
7e4bca83f8f3bc2df9319c9ce83a750d7097afa1
-
SHA256
06ae98fd5329590fba5c5ba3292872caaaf0a627e0cab48f878a131df0362af9
-
SHA512
949453d4ff7416a3ebe2dca22b14fea77c8d24785f683ababa19901f6b9ef1f92563e0751610efb6773ff2c88f6255581f607dc732f52cdceee3c7abab31ac15
-
SSDEEP
6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 964 wrote to memory of 4596 | 964 | rundll32.exe | rundll32.exe
PID 964 wrote to memory of 4596 | 964 | rundll32.exe | rundll32.exe
PID 964 wrote to memory of 4596 | 964 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ae98fd5329590fba5c5ba3292872caaaf0a627e0cab48f878a131df0362af9.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ae98fd5329590fba5c5ba3292872caaaf0a627e0cab48f878a131df0362af9.dll,#1