Analysis
-
max time kernel
104s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
23-07-2024 12:40
Behavioral task
behavioral1
Sample
b852c6b65b2f703b902ed3e84e1c0450N.dll
Resource
win7-20240705-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral2
Sample
b852c6b65b2f703b902ed3e84e1c0450N.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
2 signatures
120 seconds
General
-
Target
b852c6b65b2f703b902ed3e84e1c0450N.dll
-
Size
6KB
-
MD5
b852c6b65b2f703b902ed3e84e1c0450
-
SHA1
d99fe58c3454e2550e7c7ac297d8ea4d037d8344
-
SHA256
05b5c2d4f368f9a759f75b1289cefe20eb35ba2daaa63d83be47def061ceeb79
-
SHA512
de5c621dfb77cc95211e53536465c98a51fe4d0fc7c8607e4db79c5b678e506c657abd27d7e81e2eb1c9b567c1e1aae196138181f2a3188d1903f99169341059
-
SSDEEP
96:rgTv8DAi8ltwh2yVm3FB3nIN/+lYRwVApB5V:AMAiJVKKDR6a5
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
Processes:
rundll32.exeflow pid process 13 2140 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2268 wrote to memory of 2140 2268 rundll32.exe rundll32.exe PID 2268 wrote to memory of 2140 2268 rundll32.exe rundll32.exe PID 2268 wrote to memory of 2140 2268 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b852c6b65b2f703b902ed3e84e1c0450N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b852c6b65b2f703b902ed3e84e1c0450N.dll,#12⤵
- Blocklisted process makes network request
PID:2140
-