Analysis
max time kernel: 153s
max time network: 169s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-10-2022 00:12
Static task: static1
Behavioral task: behavioral1
Sample: 082d8e91e0f2b8912f3bece573a8765ba44734ee1c5c6cb6a8d06e80f0f404c3.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: 082d8e91e0f2b8912f3bece573a8765ba44734ee1c5c6cb6a8d06e80f0f404c3.dll
Size: 414KB
MD5: 91a9f216455c39b7c9db2a5419fde400
SHA1: cb0f0ba106d28aa4f0eb87316df2ccb44ae2bdbe
SHA256: 082d8e91e0f2b8912f3bece573a8765ba44734ee1c5c6cb6a8d06e80f0f404c3
SHA512: 4c9c417ebc1e57cda64f4e45764d976a02a3b8beeede70daaead7ab6f6806b5593939401d757210c1128a2085a81c1c38e88443be57f4bf6ac469e6cec8b8f79
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0+:jDgtfRQUHPw06MoV2nwTBlhm8m
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description | pid | process | target process
--- | --- | --- | ---
PID 1280 wrote to memory of 980 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 980 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 980 | 1280 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\082d8e91e0f2b8912f3bece573a8765ba44734ee1c5c6cb6a8d06e80f0f404c3.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1280
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\082d8e91e0f2b8912f3bece573a8765ba44734ee1c5c6cb6a8d06e80f0f404c3.dll,#1
    PID: 980