Analysis
  max time kernel:  61s
  max time network: 129s
  platform:         windows10-2004_x64
  resource:         win10v2004-20220414-ja
  submitted:        24-06-2022 05:40
Tasks
  Static task:      static1
  Behavioral task:  behavioral1
    Sample:   308817-9E1CBC15-693D-4FE7-B706-98D4582FDA56.dll
    Resource: win7-20220414-ja (windows7_x64)
    0 signatures, 0 seconds
General
  Target: 308817-9E1CBC15-693D-4FE7-B706-98D4582FDA56.dll
  Size:   816KB
  MD5:    94ed97a7d00dfeb3356df3fd73fa5c38
  SHA1:   0f926e5bb2389ad919b438a2d1b9a24e93c9e501
  SHA256: 788d09f17caf8e95bc28d1f122bb2b3ffb4567c1dc92856428327ebe1ac26ce4
  SHA512: 8e26f88f187d34d5f1d292dee9179c0451b188c7abb87d51b8594357d12f9c81f6e7eb629769e1c620c693364387a557b1173315038000529c946c0da2bc93ae
Malware Config
Signatures

Detects SVCReady loader (1 IoC)
  resource                                                                      yara_rule
  behavioral2/memory/2000-132-0x00000000021A0000-0x000000000226F000-memory.dmp  family_svcready

  The rule matched a memory dump taken from PID 2000 (the SysWOW64 rundll32.exe child in the process tree below), covering the region 0x021A0000-0x0226F000 of task behavioral2. It did not match the DLL as it sits on disk, so the on-disk hashes above identify the loader artifact, while the family attribution comes from what was present in the child's memory.

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process       target process
  PID 4584 wrote to memory of 2000  4584  rundll32.exe  rundll32.exe
  PID 4584 wrote to memory of 2000  4584  rundll32.exe  rundll32.exe
  PID 4584 wrote to memory of 2000  4584  rundll32.exe  rundll32.exe

  All three writes go from the 64-bit parent (PID 4584) into the 32-bit child (PID 2000), the same process whose memory the SVCReady rule fired on.
Processes
  C:\Windows\system32\rundll32.exe  (PID 4584)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\308817-9E1CBC15-693D-4FE7-B706-98D4582FDA56.dll,#1
    signatures:   Suspicious use of WriteProcessMemory
    └─ C:\Windows\SysWOW64\rundll32.exe  (PID 2000)
         command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\308817-9E1CBC15-693D-4FE7-B706-98D4582FDA56.dll,#1

  Reading the tree: the DLL was invoked through its export ordinal 1 (",#1"). A 64-bit rundll32.exe launching the SysWOW64 copy with the same command line is how rundll32 handles a 32-bit DLL on x64 Windows, so the parent/child pair by itself is expected behaviour and not an indicator. What makes this run worth attention is the combination flagged above: cross-process writes from 4584 into 2000, and the family_svcready rule matching a region of PID 2000's memory rather than the file on disk.
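The correlation a triager does by hand on a report like this (which process received cross-process writes, whether that same process carries the family rule hit, how large the dumped region is compared with the file that was loaded, and whether the rundll32 pair is just the ordinary WOW64 handoff) can be scripted. The following is an added example, not part of the sandbox output or of the Tria.ge tooling; the constants are constructed from the fields visible in the report above, the dump-name layout is read off the one path the report shows, and all function names are this example's own.

```python
"""Added triage helper for the rundll32 / SVCReady report above.

Not part of the sandbox output. The constants below are constructed from
the report's visible fields (YARA hit path, WriteProcessMemory rows,
process tree, file size); function names and the dump-name regex are
assumptions made for this example.
"""
import re
from collections import Counter

# Constructed from the report: one YARA hit on a memory dump of PID 2000.
YARA_HITS = [
    ("behavioral2/memory/2000-132-0x00000000021A0000-0x000000000226F000-memory.dmp",
     "family_svcready"),
]

# Constructed from the report: (writer pid, target pid), one tuple per IoC row.
WRITE_EVENTS = [(4584, 2000), (4584, 2000), (4584, 2000)]

# Constructed from the report's process tree.
PROCESSES = {
    4584: {"image": r"C:\Windows\system32\rundll32.exe", "parent": None},
    2000: {"image": r"C:\Windows\SysWOW64\rundll32.exe", "parent": 4584},
}

# Reported on-disk size of the DLL (816KB; assumes 1KB == 1024 bytes).
DLL_SIZE_BYTES = 816 * 1024

# Dump naming as it appears in the report (assumed general form):
#   <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(path):
    """Split a memory-dump path into task, pid and the dumped address range."""
    m = DUMP_RE.match(path)
    if not m:
        raise ValueError(f"unrecognised dump name: {path}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]),
            "start": start, "end": end, "size": end - start}


def is_wow64_handoff(child_pid, processes):
    """True when a 64-bit rundll32 launched the SysWOW64 copy. That is the
    normal path for a 32-bit DLL on x64 Windows, so on its own it is not
    an indicator; it is reported so the analyst does not over-read the tree."""
    child = processes[child_pid]
    parent = processes.get(child["parent"])
    if parent is None:
        return False
    return (parent["image"].lower() == r"c:\windows\system32\rundll32.exe"
            and child["image"].lower() == r"c:\windows\syswow64\rundll32.exe")


def injection_candidates(yara_hits=YARA_HITS, write_events=WRITE_EVENTS,
                         processes=PROCESSES):
    """Correlate the report's two signatures: a process that (a) received
    writes from another process and (b) has a family rule hit in a dump of
    its own memory. Returns {target_pid: details}."""
    writes = Counter(write_events)
    hits_by_pid = {}
    for path, rule in yara_hits:
        d = parse_dump_name(path)
        hits_by_pid[d["pid"]] = {"rule": rule, **d}
    out = {}
    for (writer, target), count in writes.items():
        if writer == target or target not in hits_by_pid:
            continue
        hit = hits_by_pid[target]
        out[target] = {
            "writer_pid": writer,
            "write_count": count,
            "family": hit["rule"],
            "region": f"0x{hit['start']:08X}-0x{hit['end']:08X}",
            "region_size": hit["size"],
            # Dumped region vs the DLL on disk; > 1.0 means the region the
            # rule fired on is larger than the file that was loaded.
            "region_to_file_ratio": round(hit["size"] / DLL_SIZE_BYTES, 2),
            "wow64_handoff": is_wow64_handoff(target, processes),
        }
    return out


if __name__ == "__main__":
    for pid, info in injection_candidates().items():
        print(f"PID {pid}: {info}")
```

Run against the report's own values, the script singles out PID 2000: three writes from PID 4584, the family_svcready hit in the region 0x021A0000-0x0226F000 (0xCF000 bytes, 847,872 bytes, slightly larger than the 816KB DLL on disk), and the parent/child pair recognised as the ordinary WOW64 handoff. Swapping in the signature rows from another report is the only change needed to reuse it.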