Analysis
- max time kernel: 112s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-10-2022 21:20
Static task: static1
Behavioral task: behavioral1
- Sample: 5ca03b35e8073165542c05981384ca00441059410ed61d0e5ab1294b1d68bf3f.dll
- Resource: win7-20220812-en
- 2 signatures
- 150 seconds
General
- Target: 5ca03b35e8073165542c05981384ca00441059410ed61d0e5ab1294b1d68bf3f.dll
- Size: 614KB
- MD5: 814e90b43872ba632643360f3d3d8460
- SHA1: 3aec9d080b541d599f70b1812121c1ba41e5e958
- SHA256: 5ca03b35e8073165542c05981384ca00441059410ed61d0e5ab1294b1d68bf3f
- SHA512: 018e3eaa39c7f56dc4a17cd8406d061b8b6b12bda03a7ab2ed5110b018569b158b94d8d912a756078a1cc7ae3f9ba10b19876a80791991ffbab738bdc7f89719
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0u:jDgtfRQUHPw06MoV2nwTBlhm8m
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3112 wrote to memory of 5112 | 3112 | rundll32.exe | rundll32.exe
  PID 3112 wrote to memory of 5112 | 3112 | rundll32.exe | rundll32.exe
  PID 3112 wrote to memory of 5112 | 3112 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ca03b35e8073165542c05981384ca00441059410ed61d0e5ab1294b1d68bf3f.dll,#1
  PID: 3112
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ca03b35e8073165542c05981384ca00441059410ed61d0e5ab1294b1d68bf3f.dll,#1
    PID: 5112