Analysis
max time kernel: 136s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/09/2022, 23:27
Static task: static1
Behavioral task: behavioral1
  Sample: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
  Resource: win10v2004-20220901-en
General
Target: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
Size: 33KB
MD5: 314203fb453e226eb53863d847b9a0f5
SHA1: 297ab1843ae4499b3dab4d56eabfcd7c0371a3c6
SHA256: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460
SHA512: 48e63d58700b00a1c3463000c9d460635ab400264cb5ece7153d9a1dec7ead3facf4c792a7da9de086a721253b9d7470e7a165122d0f8bf5a7161013b0ca8f63
SSDEEP: 768:SWPYvZLnZ0icDVov3Yq7pW/PB7cOkRERz8ckt:jPYvZLnUVOb7pW/GLERz8cS
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3276 wrote to memory of 1664 | 3276 | rundll32.exe | 83
PID 3276 wrote to memory of 1664 | 3276 | rundll32.exe | 83
PID 3276 wrote to memory of 1664 | 3276 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 3276
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll,#12⤵
  PID: 1664