Analysis
-
max time kernel
135s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
02-10-2022 15:02
Static task
static1
Behavioral task
behavioral1
Sample
1032dde878e7fc0d3009cdeb63007721120d2526829b1efe29805fd293672015.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1032dde878e7fc0d3009cdeb63007721120d2526829b1efe29805fd293672015.dll
Resource
win10v2004-20220812-en
General
-
Target
1032dde878e7fc0d3009cdeb63007721120d2526829b1efe29805fd293672015.dll
-
Size
88KB
-
MD5
6634096adc691dd18073772c5e5fa825
-
SHA1
2dc8428e0b62fc32d976325d0e473ace04469d0c
-
SHA256
1032dde878e7fc0d3009cdeb63007721120d2526829b1efe29805fd293672015
-
SHA512
c4a0a7864c765a28abdbed7889d4f2bc8925f6b3daecd9bfc67caf411b3b2ac123c2d4cf7a3318600192e9764f917538dadde2f0a377b6c14a5b3d91a00cb83e
-
SSDEEP
1536:6KfH4xzdjFi6DsiRwATgkWvilcXjQSscoK7bL+s7x:DfwS6DbRzTgkJbS3qi
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3140 wrote to memory of 5084 | 3140 | rundll32.exe | rundll32.exe
PID 3140 wrote to memory of 5084 | 3140 | rundll32.exe | rundll32.exe
PID 3140 wrote to memory of 5084 | 3140 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1032dde878e7fc0d3009cdeb63007721120d2526829b1efe29805fd293672015.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1032dde878e7fc0d3009cdeb63007721120d2526829b1efe29805fd293672015.dll,#12⤵