Overview (overview): 10
Static (static)
Calculation.lnk, windows7-x64: 3
Calculation.lnk, windows10-2004-x64: 3
look/alsoThere.js, windows7-x64: 3
look/alsoThere.js, windows10-2004-x64: 1
look/forLook.bat, windows7-x64: 1
look/forLook.bat, windows10-2004-x64: 1
look/youIn.dll, windows7-x64: 1
look/youIn.dll, windows10-2004-x64: 1
more/nowUp.js, windows7-x64: 3
more/nowUp.js, windows10-2004-x64: 1
more/whatThere.bat, windows7-x64: 1
more/whatThere.bat, windows10-2004-x64: 1
more/wouldDay.dll, windows7-x64: 10
more/wouldDay.dll, windows10-2004-x64: 10
Analysis
max time kernel: 92s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-09-2022 08:52
Static task: static1
Behavioral task behavioral1: Sample Calculation.lnk, Resource win7-20220812-en
Behavioral task behavioral2: Sample Calculation.lnk, Resource win10v2004-20220812-en
Behavioral task behavioral3: Sample look/alsoThere.js, Resource win7-20220812-en
Behavioral task behavioral4: Sample look/alsoThere.js, Resource win10v2004-20220812-en
Behavioral task behavioral5: Sample look/forLook.bat, Resource win7-20220901-en
Behavioral task behavioral6: Sample look/forLook.bat, Resource win10v2004-20220901-en
Behavioral task behavioral7: Sample look/youIn.dll, Resource win7-20220901-en
Behavioral task behavioral8: Sample look/youIn.dll, Resource win10v2004-20220812-en
Behavioral task behavioral9: Sample more/nowUp.js, Resource win7-20220812-en
Behavioral task behavioral10: Sample more/nowUp.js, Resource win10v2004-20220812-en
Behavioral task behavioral11: Sample more/whatThere.bat, Resource win7-20220812-en
Behavioral task behavioral12: Sample more/whatThere.bat, Resource win10v2004-20220812-en
Behavioral task behavioral13: Sample more/wouldDay.dll, Resource win7-20220812-en
General
Target: look/youIn.dll
Size: 3KB
MD5:
b83bebd6d4214aaddb333d720a56db15
SHA1:
fe7562e8deb7a4ae47e5183cab2ee6e053a05bc2
SHA256:
d0a3cdc531a3c40b67d9ff093dc96a19db3f5fe52d718468988b67f999b53411
SHA512:
f19788a9417bfb3fed7326e7ff29b690217f354d02912fdf8460f7f0e9a3fe17aeab540f4b014d0996cff22fa9c2aaec73725a50c999f6cefed28d09d6dd2286
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4204 wrote to memory of 4940 | 4204 | rundll32.exe | rundll32.exe
PID 4204 wrote to memory of 4940 | 4204 | rundll32.exe | rundll32.exe
PID 4204 wrote to memory of 4940 | 4204 | rundll32.exe | rundll32.exe