Analysis
-
max time kernel
86s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
02-10-2022 11:33
General
-
Target
bd1f11c304b00cad7077addad42e4881d916e2bd5e44eebe59eb8c90b826e35f.dll
-
Size
52KB
-
MD5
63b492c5992c72c4ccd21681fd56928a
-
SHA1
eea4ded7a445e370888e1b55c64edc21832984cb
-
SHA256
bd1f11c304b00cad7077addad42e4881d916e2bd5e44eebe59eb8c90b826e35f
-
SHA512
0b47dc094fc0a420a95bcccb37e51192e256e3de47a275add638989e93809b95cc2c8d7cff8952d77d222d7eb365728b0856758b840f27ab38d698f619868688
-
SSDEEP
768:UyOMccqi3TJq3kQMXrV/Jd8IqTjGqMW5B0QZhd+zPdCunTEDs6LLwhc8:Udbi3E3kvB/Jd89uQUzPdl/Rp
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bd1f11c304b00cad7077addad42e4881d916e2bd5e44eebe59eb8c90b826e35f.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bd1f11c304b00cad7077addad42e4881d916e2bd5e44eebe59eb8c90b826e35f.dll,#12⤵
- Modifies registry class
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵