Analysis
-
max time kernel
135s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
26/05/2024, 03:16
Static task
static1
Behavioral task
behavioral1
Sample
d17348c3548f5bf91c44d466832cc40ef462cf312df878347d989c265c3b7cd7.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
d17348c3548f5bf91c44d466832cc40ef462cf312df878347d989c265c3b7cd7.dll
Resource
win10v2004-20240426-en
General
-
Target
d17348c3548f5bf91c44d466832cc40ef462cf312df878347d989c265c3b7cd7.dll
-
Size
329KB
-
MD5
1f0ed273650f15a16fd97d4219b0e31c
-
SHA1
357c5962c2e33ea0f08a4e8f936dc74f0d08bd7f
-
SHA256
d17348c3548f5bf91c44d466832cc40ef462cf312df878347d989c265c3b7cd7
-
SHA512
fbff8a50bd52cd14ed372d1f728cfb34b6e2bd6277be51890c15d0621c1f355c35639cfa8cb713efe7e52457942c7eb870d77050cbce0e99d3c7e3de00532c63
-
SSDEEP
6144:RmWhxR1arY/PbgmFOabPIIBhJXAv7eTY9suz0xhttGSrDKE3KIvSka8br:RmWTR1arYnEKosuzY34CZ3DvSkN
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4600 wrote to memory of 3476 4600 rundll32.exe 82 PID 4600 wrote to memory of 3476 4600 rundll32.exe 82 PID 4600 wrote to memory of 3476 4600 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d17348c3548f5bf91c44d466832cc40ef462cf312df878347d989c265c3b7cd7.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4600 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d17348c3548f5bf91c44d466832cc40ef462cf312df878347d989c265c3b7cd7.dll,#12⤵PID:3476
-