Analysis
max time kernel: 171s
max time network: 236s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-10-2022 00:11
Static task
static1
Behavioral task
behavioral1
Sample
ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll
Resource
win7-20220901-en
2 signatures
150 seconds
General
Target: ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll
Size: 316KB
MD5: 906bfb685a68444886c6986539960040
SHA1: 2c646fd86f23560539ac1f2b76dab165181e1bcb
SHA256: ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421
SHA512: 61785dfc5fb244557f97bf6f60fbf51cf86c5698d8e44f1de4a4840edbf7a0e4222a8de81062cbe4ba7134f4b5484dd67934198c99ce8930c122790469c06852
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0/:jDgtfRQUHPw06MoV2nwTBlhm83
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4768 wrote to memory of 1028 | 4768 | rundll32.exe | rundll32.exe
PID 4768 wrote to memory of 1028 | 4768 | rundll32.exe | rundll32.exe
PID 4768 wrote to memory of 1028 | 4768 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4768
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll,#12⤵
PID:1028