Analysis
- max time kernel: 61s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
- submitted: 20-10-2022 21:20
Static task
static1
Behavioral task
behavioral1
Sample
54b25b1e53342c71fd40cf05d0cd2ace3d5ea7a1a060ca607943c3b6bc280088.dll
Resource
win7-20220812-en
2 signatures
150 seconds
General
- Target: 54b25b1e53342c71fd40cf05d0cd2ace3d5ea7a1a060ca607943c3b6bc280088.dll
- Size: 413KB
- MD5: 807d04be7385a3a201c6d4882f8c38ef
- SHA1: 5f6994081b5903475b062eb432392b611ff863e0
- SHA256: 54b25b1e53342c71fd40cf05d0cd2ace3d5ea7a1a060ca607943c3b6bc280088
- SHA512: 021cfa649d585fb1d0218c89f2aa111272b95168b89ec1b025058e6abf9735425b51f3a4ab567e4529f11f9f4a90ee796bc58a7a7be417cd370fcb576217709c
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0M:jDgtfRQUHPw06MoV2nwTBlhm8E
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 4100 wrote to memory of 4288   4100   rundll32.exe   rundll32.exe
PID 4100 wrote to memory of 4288   4100   rundll32.exe   rundll32.exe
PID 4100 wrote to memory of 4288   4100   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54b25b1e53342c71fd40cf05d0cd2ace3d5ea7a1a060ca607943c3b6bc280088.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4100
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\54b25b1e53342c71fd40cf05d0cd2ace3d5ea7a1a060ca607943c3b6bc280088.dll,#1
    PID:4288