Analysis
max time kernel: 147s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 15:36
Static task: static1
Behavioral task: behavioral1
  Sample: a2d037d9c1d46ae3fd2c15ec35e3a5dfcfd56e601503f05edde3d7a18adce541.dll
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a2d037d9c1d46ae3fd2c15ec35e3a5dfcfd56e601503f05edde3d7a18adce541.dll
  Resource: win10v2004-20240508-en
General
Target: a2d037d9c1d46ae3fd2c15ec35e3a5dfcfd56e601503f05edde3d7a18adce541.dll
Size: 260KB
MD5: 76f614a7782af886b166720524d9dc87
SHA1: b60af221656e8e818a0b8cccb74a06587dfcbb3b
SHA256: a2d037d9c1d46ae3fd2c15ec35e3a5dfcfd56e601503f05edde3d7a18adce541
SHA512: b2ce69f510a7c6b99647f96504f819d0ca1dac7f52144ec74df1a904fbc5bb07fabf993bf6fe3e0d6888bc211c0a453edf6971883411201f4e7947e77aba65b7
SSDEEP: 6144:gAdxkcEQdKORIVQy6PQWRg4kRV5ZkdNpIJ47:gAc4dPRIVQy6PQmg4kRBkp/7
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1076 wrote to memory of 3812 | 1076 | rundll32.exe | 81
PID 1076 wrote to memory of 3812 | 1076 | rundll32.exe | 81
PID 1076 wrote to memory of 3812 | 1076 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2d037d9c1d46ae3fd2c15ec35e3a5dfcfd56e601503f05edde3d7a18adce541.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID:1076
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2d037d9c1d46ae3fd2c15ec35e3a5dfcfd56e601503f05edde3d7a18adce541.dll,#12⤵
    PID:3812