Analysis
max time kernel: 91s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-06-2024 21:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4e854ab408c81e9aad122536a951c0a1eb6223975aa68985dd8a9096087b1ca3.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
General
Target: 4e854ab408c81e9aad122536a951c0a1eb6223975aa68985dd8a9096087b1ca3.dll
Size: 719KB
MD5: 66ecca86dd9006dc201c0c6dc3a92a5e
SHA1: ab1da37abe12f1225f6b8aa3cb6c16676cb7f1e1
SHA256: 4e854ab408c81e9aad122536a951c0a1eb6223975aa68985dd8a9096087b1ca3
SHA512: a2b0ce116e47b1135141ba6ff45d8fdd968452593c9d7d3cbfec161c45294b39d4cc5243062274aa055d7206df7ae382508a5838a1b4fa62a812070ed6ac6d31
SSDEEP: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYS:o6RI1Fo/wT3cJYYYYYYYYYYYYS
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1960 wrote to memory of 3840 | 1960 | rundll32.exe | 80
PID 1960 wrote to memory of 3840 | 1960 | rundll32.exe | 80
PID 1960 wrote to memory of 3840 | 1960 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e854ab408c81e9aad122536a951c0a1eb6223975aa68985dd8a9096087b1ca3.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1960
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e854ab408c81e9aad122536a951c0a1eb6223975aa68985dd8a9096087b1ca3.dll,#12⤵
PID:3840