Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 05-07-2024 03:57
Behavioral task: behavioral1
Sample: 5cdc738fb3895ce00588141d95abd848863a9c53880c2bb8084eef54025566e5.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5cdc738fb3895ce00588141d95abd848863a9c53880c2bb8084eef54025566e5.dll
Resource: win10v2004-20240704-en
General
Target: 5cdc738fb3895ce00588141d95abd848863a9c53880c2bb8084eef54025566e5.dll
Size: 108KB
MD5: fdf484a1f7177c5d3f9123a546542ffe
SHA1: 7ff81a2fa2038d4b81e50e2f4cb46fddafdcb27c
SHA256: 5cdc738fb3895ce00588141d95abd848863a9c53880c2bb8084eef54025566e5
SHA512: 49256e64d13c7811e330c0a402aea74805170eb66488e69b7b18863324a8e8ab260d164d263595959241bd937f87f18d7745512a71822ad1f2380a22c1760712
SSDEEP: 1536:O0phaPh6KMG2KCB+Cpn1mz2FrTG8+2olmnlguqiPltGcWAKtHstNX:Hzv/11OkJ1XWAKtHstN
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid   process
1412  rundll32.exe
1412  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                       pid   process       target process
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
PID 2476 wrote to memory of 1412  2476  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 2476, per the WriteProcessMemory signature above)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cdc738fb3895ce00588141d95abd848863a9c53880c2bb8084eef54025566e5.dll,#1
  loads the DLL by export ordinal #1
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 1412, child of the process above)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cdc738fb3895ce00588141d95abd848863a9c53880c2bb8084eef54025566e5.dll,#1
    64-bit rundll32 hands a 32-bit DLL off to the SysWOW64 copy, so the sample is an x86 DLL
    Suspicious behavior: EnumeratesProcesses
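The two things worth pulling out of the signature table and the process tree above are (a) which WriteProcessMemory rows are a parent writing into a child it just created, which CreateProcess does on its own when it populates the new process's parameters, versus writes into a process the writer did not spawn, and (b) the System32-to-SysWOW64 rundll32 hop that tells you the DLL is 32-bit. The script below is an added example and is not part of the sandbox report or its tooling. Its input rows are constructed to match the report's flattened table format: the seven parent-to-child rows reproduce the report's IoCs, while the self-write row and the write into PID 999 / explorer.exe are hypothetical controls that do not appear in the report.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows shaped like the report's "Suspicious use of WriteProcessMemory"
# table (description, pid, process, target process). The first seven rows reproduce the
# report's IoCs; the last two are constructed controls that are NOT in the report:
# a self-write and a write into an unrelated, hypothetical PID 999.
WPM_EVENTS = "\n".join(
    ["PID 2476 wrote to memory of 1412 2476 rundll32.exe rundll32.exe"] * 7
    + [
        "PID 1412 wrote to memory of 1412 1412 rundll32.exe rundll32.exe",
        "PID 1412 wrote to memory of 999 1412 rundll32.exe explorer.exe",
    ]
)

# Process tree as (pid, parent pid, image path). PIDs come from the signature table,
# the parent/child relation from the report's process tree.
PROCESS_TREE = [
    (2476, None, r"C:\Windows\system32\rundll32.exe"),
    (1412, 2476, r"C:\Windows\SysWOW64\rundll32.exe"),
]

WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<proc>\S+) (?P<target>\S+)$"
)


@dataclass(frozen=True)
class WpmEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_wpm(text: str) -> list:
    """Parse the flattened WriteProcessMemory rows; header and unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            events.append(WpmEvent(int(m["src"]), int(m["dst"]), m["proc"], m["target"]))
    return events


def cross_process_writes(events: list) -> Counter:
    """Count writes whose target is another process; a process writing to itself is noise."""
    return Counter((e.src_pid, e.dst_pid) for e in events if e.src_pid != e.dst_pid)


def classify_writes(writes: Counter, tree) -> dict:
    """Split cross-process writes into parent-to-child (CreateProcess writes the new
    process's parameter block into the child, so this alone is not injection) and writes
    into a process the writer did not create (the pattern worth escalating)."""
    parent_of = {pid: ppid for pid, ppid, _ in tree}
    return {
        pair: ("parent-to-child" if parent_of.get(pair[1]) == pair[0] else "unrelated-process")
        for pair in writes
    }


def wow64_rundll32_hops(tree) -> list:
    """Find a System32 rundll32 that spawned a SysWOW64 rundll32. On x64 Windows the
    64-bit rundll32 relaunches the 32-bit copy when the DLL it is asked to load is x86,
    so this parent/child pair identifies the sample as a 32-bit DLL."""
    image_of = {pid: image.lower() for pid, _, image in tree}
    return [
        (ppid, pid)
        for pid, ppid, image in tree
        if ppid is not None
        and image_of.get(ppid, "").endswith(r"\system32\rundll32.exe")
        and image.lower().endswith(r"\syswow64\rundll32.exe")
    ]


def analyze(wpm_text: str = WPM_EVENTS, tree=PROCESS_TREE) -> dict:
    """Run both checks and return the raw counts plus one finding line per result."""
    events = parse_wpm(wpm_text)
    writes = cross_process_writes(events)
    kinds = classify_writes(writes, tree)
    hops = wow64_rundll32_hops(tree)
    findings = [
        f"{n} WriteProcessMemory call(s) from PID {s} into PID {d} ({kinds[(s, d)]})"
        for (s, d), n in writes.items()
    ]
    findings += [
        f"PID {ppid} (System32 rundll32) launched PID {pid} (SysWOW64 rundll32): 32-bit DLL"
        for ppid, pid in hops
    ]
    return {"events": len(events), "writes": dict(writes), "kinds": kinds,
            "wow64_hops": hops, "findings": findings}


if __name__ == "__main__":
    for line in analyze()["findings"]:
        print(line)
```

On the report's own rows the only cross-process writes are 2476 into 1412, its own WoW64 child, which is the least interesting form of WriteProcessMemory; the constructed write from 1412 into PID 999 shows what the output looks like when a write lands in a process the writer never spawned, which is the row that would justify pulling the child's loaded modules and thread list.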