Analysis

max time kernel: 142s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 04:52
Static task: static1

Behavioral task: behavioral1
  Sample: d7e3d682c681c313e303fb55d83ce81302b3f787771dbd4e6562f2aa3be56658.dll
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: d7e3d682c681c313e303fb55d83ce81302b3f787771dbd4e6562f2aa3be56658.dll
  Resource: win10v2004-20240508-en
General

Target: d7e3d682c681c313e303fb55d83ce81302b3f787771dbd4e6562f2aa3be56658.dll
Size: 5.9MB
MD5: d6f86ef548c59108b5b811fbfe0f0d91
SHA1: 3c302ee237011cb9c6a4359bf06f261152a9e654
SHA256: d7e3d682c681c313e303fb55d83ce81302b3f787771dbd4e6562f2aa3be56658
SHA512: d94e6a15b10ffd441a74ca17df6cb478c7f106c1a1134d37e0b99b913131ad2769ee584d536aed484f89ba559c67512be3f340bc3e5640982308295d3db8a00a
SSDEEP: 98304:+G/VOHFn/EC0WMUmdHVwlMw83vGd/j/u4waC8E+lYgKSRn3xUjxe23S:+UcFnMCVmjoM//kj/u4waC8hrUE
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                       | pid  | Process      | procid_target
----------------------------------|------|--------------|--------------
PID 3532 wrote to memory of 3952  | 3532 | rundll32.exe | 89
PID 3532 wrote to memory of 3952  | 3532 | rundll32.exe | 89
PID 3532 wrote to memory of 3952  | 3532 | rundll32.exe | 89
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7e3d682c681c313e303fb55d83ce81302b3f787771dbd4e6562f2aa3be56658.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 3532

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7e3d682c681c313e303fb55d83ce81302b3f787771dbd4e6562f2aa3be56658.dll,#1
    PID: 3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8
  PID: 4036