Analysis
max time kernel: 91s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-10-2022 21:20
Static task: static1
Behavioral task: behavioral1
Sample: ea3042ac391e0d5cc87c10d24c17d583239ea2827d8b16b2d931bfd1aa2245ce.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: ea3042ac391e0d5cc87c10d24c17d583239ea2827d8b16b2d931bfd1aa2245ce.dll
Size: 886KB
MD5: 442e927b4c241963093f867ec9fa2c40
SHA1: 9bd10bfa48a82afc5c9f09838e5a5602d45e7161
SHA256: ea3042ac391e0d5cc87c10d24c17d583239ea2827d8b16b2d931bfd1aa2245ce
SHA512: f988fd163c44d11c6876c04d3c8168403815c5171cd5fdeaf5377b00343e67d4ba8c9202b791b377578deac570bd13ebc550bc12c8eb2800174a79cda34f08ec
SSDEEP: 12288:jDgN6MoIwT3qOOOOOOOOOOOOOOOOOOOOOOm:jTtT3qOOOOOOOOOOOOOOOOOOOOOOm
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 5016 wrote to memory of 3956 | 5016 | rundll32.exe | rundll32.exe
PID 5016 wrote to memory of 3956 | 5016 | rundll32.exe | rundll32.exe
PID 5016 wrote to memory of 3956 | 5016 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea3042ac391e0d5cc87c10d24c17d583239ea2827d8b16b2d931bfd1aa2245ce.dll,#11
- Suspicious use of WriteProcessMemory
PID: 5016
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea3042ac391e0d5cc87c10d24c17d583239ea2827d8b16b2d931bfd1aa2245ce.dll,#12
PID: 3956