Analysis
max time kernel: 51s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 21:23
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll
Resource: win7-20240221-en, windows7-x64
2 signatures
150 seconds
General
Target: 4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll
Size: 530KB
MD5: afba29c02ca4d776e33c86be12d9bf29
SHA1: 4e2e9d252584c1a8c3d84ad50bd8e5cbb5684e93
SHA256: 4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5
SHA512: bdcea19a58d9d5aa9f5e45950766c06a59fbd4d6c9ddb6c6a655cc71ac96085981bf785949399f7536349dbf9393538b8f0f05d12b4114d5faae52af23a35853
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0P:jDgtfRQUHPw06MoV2nwTBlhm8H
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3596 wrote to memory of 2068 | 3596 | rundll32.exe | 81
PID 3596 wrote to memory of 2068 | 3596 | rundll32.exe | 81
PID 3596 wrote to memory of 2068 | 3596 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll,#11
- Suspicious use of WriteProcessMemory
PID: 3596
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e8a74c07d5b1296f0d1a5373625b337ccff6134e597b6ddc326e1c07278edc5.dll,#12
PID: 2068