Analysis
-
max time kernel
96s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
13-07-2024 02:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
30328bf432ee4916fa71be105d8d1c50N.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
120 seconds
General
-
Target
30328bf432ee4916fa71be105d8d1c50N.dll
-
Size
815KB
-
MD5
30328bf432ee4916fa71be105d8d1c50
-
SHA1
2bd77ff33610973965d6ed4ea47d93de7e4b64e1
-
SHA256
6cf7f36abbf2f07b63d98028ba8ae42a968ca76a61ce85974f287801ad957423
-
SHA512
cab943ae0d5801954e62c260f8801025a61a12c64b56ee7f09eeb18742597b235441f761cab7550a6aeaa08ae3723d6965042cc5873d954a927108b309e890a8
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYV:o6RI1Fo/wT3cJYYYYYYYYYYYYV
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2724 wrote to memory of 2216 2724 rundll32.exe 82 PID 2724 wrote to memory of 2216 2724 rundll32.exe 82 PID 2724 wrote to memory of 2216 2724 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30328bf432ee4916fa71be105d8d1c50N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30328bf432ee4916fa71be105d8d1c50N.dll,#12⤵PID:2216
-