Analysis
max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted
19-07-2024 06:49
Static task
static1
Behavioral task
behavioral1
Sample
815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll
Resource
win10v2004-20240709-en
General
Target
815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll
Size
663KB
MD5
8363e265a2f79666f9bfca8ef23c453c
SHA1
5ebacb20f62fae0dd610d874583d13fac5024309
SHA256
815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04
SHA512
dac6dca71fb522b81e408f19e1a09a304af87a0df5e03836800d3377863ff3a1b132e96f811897320f39d0bfbde28f8850897a77517d387fc3f4491a19d151e8
SSDEEP
12288:Fm7UnRfVgZK5uH5yYTKGhkJ9JWUjH5WHCFz0pKuQnjhVh7SNE:FmwZGZJAY17UlEiuQlVJ
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 400 wrote to memory of 4840 | 400 | rundll32.exe | rundll32.exe
PID 400 wrote to memory of 4840 | 400 | rundll32.exe | rundll32.exe
PID 400 wrote to memory of 4840 | 400 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll,#1
Suspicious use of WriteProcessMemory
PID:400
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\815c40ce37b67b84ad68dff69b9d05a4856953d7d6c5c7c124ff3f714efeae04.dll,#1
  PID:4840