Analysis
max time kernel: 93s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2022, 16:23
Static task: static1
Behavioral task: behavioral1
  Sample: 0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll
  Resource: win10v2004-20220812-en
General
Target: 0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll
Size: 290KB
MD5: 2598e1ce160b1e9c77f4ebbcef9207ae
SHA1: a06a0d01a194df2db66a9e49d2593f1251b9c9b7
SHA256: 0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f
SHA512: 8e76e2da2ff2b59991a47b785a84c2a27c9bb860a48bb567218754cf548b4548a060a95efdc71acb487a8b735a5921cd1d2d86b3cc90ca7dafb41f9f26f3e608
SSDEEP: 6144:j8MbawTYRgl1Xnz7yRW8wDk+5Qk6xdsJVwuHx21tDJFttlH:AMba4a+fyAgtrH
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2980 wrote to memory of 2560 | 2980 | rundll32.exe | 83
PID 2980 wrote to memory of 2560 | 2980 | rundll32.exe | 83
PID 2980 wrote to memory of 2560 | 2980 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2980
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll,#1
    PID: 2560