Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 11:40
Static task
static1
Signatures: 1

Behavioral task
behavioral1
Sample: ShellCommonCommonProxyStub.dll
Resource: win10v2004-20240426-en
Signatures: 1
Duration: 150 seconds
General
Target: ShellCommonCommonProxyStub.dll
Size: 446KB
MD5: 7419c9d828d4faa9952e109ca9651048
SHA1: 0e10926ea2fce27eff75c033d4fe6377c8b474ff
SHA256: 804880684f3d671cf376f97b6125d9facac26ba6e64673528babebf871687510
SHA512: ebb0737d8c392cb18f70a2ddd99bf8b78f4c622029edcc54708b49df683820b4613ea1285e9e443ab012285c1520b0d04b2f12047ffd13fee8bf7605d7360dfa
SSDEEP: 6144:49IoOlL3U9xGA1gJWnVsGU81ehU/FvWKdAq0fW:XtlL3Uv51nN+9q0fW
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid    Process        procid_target
PID 3228 wrote to memory of 3596     3228   rundll32.exe   82
PID 3228 wrote to memory of 3596     3228   rundll32.exe   82
PID 3228 wrote to memory of 3596     3228   rundll32.exe   82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ShellCommonCommonProxyStub.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 3228
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ShellCommonCommonProxyStub.dll,#1
    PID: 3596