Analysis
max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
23-05-2024 18:22
Static task
static1
Behavioral task
behavioral1
Sample
07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll
Resource
win10v2004-20240508-en
General
Target
07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll
Size
327KB
MD5
66fe98121562d60b8026cb14deecfcc9
SHA1
540d3b58ce6db5de20ef38d1db54cb3dc3e3f21c
SHA256
07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8
SHA512
fdebbcfcfa998bd6a56f07ff98b409a1d0c29ae8a2ac56c5b189f5975b4b079ef0ac32d4621caa3bb23d3c294861b2f603c6b4c6b2c8f954f66c88c49f983390
SSDEEP
6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1340 wrote to memory of 3572 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 3572 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 3572 | 1340 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07d323761d83d898dc2bb7ad772e9789f8f92a3f3100e8fcd2c5a996d79789c8.dll,#12