Analysis
max time kernel: 91s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-10-2022 23:04
Behavioral task: behavioral1
Sample: 5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll
Resource: win7-20220901-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll
Resource: win10v2004-20220901-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll
Size: 3KB
MD5: 442e06cc8de4e42f4537e19893987ab0
SHA1: bc0cb1a1a28735dd5297b034f8a9defbd5ddb18d
SHA256: 5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace
SHA512: 45949598d749c62a8e835d22a67132850c10061c44e5bf74b83500b71309f4c0b9c8cbf177be189e1290225c4d7aa161518fb5be6dad9ed4837802f1d5f92a3d
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1312 wrote to memory of 4556 | 1312 | rundll32.exe | 80
PID 1312 wrote to memory of 4556 | 1312 | rundll32.exe | 80
PID 1312 wrote to memory of 4556 | 1312 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1312
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll,#12
PID: 4556