Analysis
- max time kernel: 152s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220721-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220721-en locale:en-us os:windows10-2004-x64 system
- submitted: 23-07-2022 09:56
Behavioral task: behavioral1
- Sample: addCube.dll
- Resource: win7-20220718-en (windows7-x64)
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: addCube.dll
- Resource: win10v2004-20220721-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: addCube.dll
- Size: 5KB
- MD5: 6f7b94f8618a450e7eb515e510532440
- SHA1: 52d640160a461827635ad9ce6ca972484f213ec8
- SHA256: 394bad1d7ae1007fd9faf8277a9c367d9f50462b524ef89dbbbb8398063315de
- SHA512: 84856a3a4baf462bb55ea4649c134b33e8d9d2f75085fa0ee34907b361e542a2ceaff440f3f68b30652da440cc87272864530597a298f4a00a41f804d60bee7f
Score: 5/10
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes: rundll32.exe

  description | pid | process | target process
  PID 1896 set thread context of 2940 | 1896 | rundll32.exe | rundll32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe, rundll32.exe

  description | pid | process | target process
  PID 1544 wrote to memory of 1896 | 1544 | rundll32.exe | rundll32.exe
  PID 1544 wrote to memory of 1896 | 1544 | rundll32.exe | rundll32.exe
  PID 1544 wrote to memory of 1896 | 1544 | rundll32.exe | rundll32.exe
  PID 1896 wrote to memory of 2940 | 1896 | rundll32.exe | rundll32.exe
  PID 1896 wrote to memory of 2940 | 1896 | rundll32.exe | rundll32.exe
  PID 1896 wrote to memory of 2940 | 1896 | rundll32.exe | rundll32.exe
  PID 1896 wrote to memory of 2940 | 1896 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\addCube.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\addCube.dll,#1
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe