Analysis
max time kernel: 18s
max time network: 17s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/10/2022, 17:03
Static task: static1
Behavioral task: behavioral1
Sample: 1646825934b960c61db78ab13b86f9bb0f761e163093f76fb75cfa293504c1ee.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1646825934b960c61db78ab13b86f9bb0f761e163093f76fb75cfa293504c1ee.dll
Resource: win10v2004-20220812-en
General
Target: 1646825934b960c61db78ab13b86f9bb0f761e163093f76fb75cfa293504c1ee.dll
Size: 834KB
MD5: 5bd834105a27154b64d7dc1925ec96d0
SHA1: a90b2017c905297666e4cdf91a43e9ed9c27672c
SHA256: 1646825934b960c61db78ab13b86f9bb0f761e163093f76fb75cfa293504c1ee
SHA512: 5a40a6ae26478f29748a387d167f10b681953853ef66cf7996b29a854f25fdd5d309c482e66f2678ef43a4146f496782e2e1ff50dfb5a6c9cc644f7f2104a9dd
SSDEEP: 12288:gIUCZgKKZSkHRTsfKUaIaXc9Wx6fkfEXuj+7fi8diIPi2wB6M:gJCDWRT2Kb9ec4uj+77diIPi2Y
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2092 wrote to memory of 3824 | 2092 | rundll32.exe | 78
PID 2092 wrote to memory of 3824 | 2092 | rundll32.exe | 78
PID 2092 wrote to memory of 3824 | 2092 | rundll32.exe | 78
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1646825934b960c61db78ab13b86f9bb0f761e163093f76fb75cfa293504c1ee.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 2092
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1646825934b960c61db78ab13b86f9bb0f761e163093f76fb75cfa293504c1ee.dll,#12⤵
PID: 3824