Analysis
max time kernel: 72s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-en-20220112
submitted: 01-02-2022 16:17
Static task: static1
Behavioral task: behavioral1
Sample: 07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84.dll
Resource: win10v2004-en-20220112
General
Target: 07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84.dll
Size: 327KB
MD5: aa22a99a52c046473ec73a0665bd4f4c
SHA1: 87d1fc8cd625b868c37ed8775069a11175ed4253
SHA256: 07be5d876aa45fd4d6f68a7c3ffa9e0a67f4d3d5f557309e5621334ffea74b84
SHA512: 072a53c5cd91d3952f8cad296e909d6bac3ff237175354aebab65347e79c707e429dbd5df2dce1f5b36d038abc56f67b07b4c560407b60ae147f6abd9c101f66
Malware Config
Signatures
TA505
Cybercrime group active since 2015, responsible for families like Dridex and Locky.
Blocklisted process makes network request 1 IoCs
Processes: rundll32.exe
flow  pid   process
13    2164  rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: rundll32.exe
pid   process
2164  rundll32.exe
2164  rundll32.exe