Analysis
-
max time kernel
5s -
max time network
7s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 18:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
oneshit.dll
Resource
win10v2004-20240611-en
2 signatures
150 seconds
General
-
Target
oneshit.dll
-
Size
10.4MB
-
MD5
586d49cc240ed5bec59cdd82f251c67a
-
SHA1
ad5f8240218f32f0df35722d02499a9f8daabba1
-
SHA256
3171b9fd976b51ee71835c1522465ca208b6085fe29d18c3685cedfdf3cffe2d
-
SHA512
0fffc93501179b6521a1008296003852fbbda58d7b69449067aea4096596fd4e04580d5b45461c56f58302671b3763444689a11019a42a28e446effc94225247
-
SSDEEP
196608:IYizgaCkXp16TLIKezmj/wvs/9sL1jcOytIsjTIImELIjHBAHH8Vz1pQVp:YLwLI7mIvbR8y08ImELWA8Vzg
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exepid process 4416 rundll32.exe 4416 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4412 wrote to memory of 4416 4412 rundll32.exe rundll32.exe PID 4412 wrote to memory of 4416 4412 rundll32.exe rundll32.exe PID 4412 wrote to memory of 4416 4412 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\oneshit.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4412 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\oneshit.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
PID:4416