Analysis
-
max time kernel
95s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
09/07/2024, 21:37
Static task
static1
Behavioral task
behavioral1
Sample
42f8ff888b88b0fc0468fb07b50a2b009f1ad5bddd9221df6a1936d5db3a9bf9.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
42f8ff888b88b0fc0468fb07b50a2b009f1ad5bddd9221df6a1936d5db3a9bf9.dll
Resource
win10v2004-20240709-en
General
-
Target
42f8ff888b88b0fc0468fb07b50a2b009f1ad5bddd9221df6a1936d5db3a9bf9.dll
-
Size
23KB
-
MD5
9e956079eba9b484b8256ca19ee1f6d6
-
SHA1
53d78a3771fd2547151b6e629adac06349fbe54e
-
SHA256
42f8ff888b88b0fc0468fb07b50a2b009f1ad5bddd9221df6a1936d5db3a9bf9
-
SHA512
3297b77d4b6c4a6d362ceb8c6ac9f4cb3183d19f319995d0e930108b38c2fdb44c58ff39628c0cff7a7f9e890cffa0cf6c14e48c7b17fa4d7df86650cd65a044
-
SSDEEP
384:ySfM5KdwXslqosF3S08DklrgpSi2bprTW1xEpXonhd68w4L13R6nE7GSWqLMnDyb:DfXdwXslqosF3S3ugpYrTW1xEpXonhQK
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 460 wrote to memory of 3656 460 rundll32.exe 81 PID 460 wrote to memory of 3656 460 rundll32.exe 81 PID 460 wrote to memory of 3656 460 rundll32.exe 81
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\42f8ff888b88b0fc0468fb07b50a2b009f1ad5bddd9221df6a1936d5db3a9bf9.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:460 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\42f8ff888b88b0fc0468fb07b50a2b009f1ad5bddd9221df6a1936d5db3a9bf9.dll,#12⤵PID:3656
-