Analysis
max time kernel: 6s
max time network: 2s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/10/2022, 04:26
Behavioral task: behavioral1
Sample: a03838e81f8ab37f3820199ad13c0e196afe4edd803352c1aa82ac77b8feea04.dll
Resource: win7-20220812-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: a03838e81f8ab37f3820199ad13c0e196afe4edd803352c1aa82ac77b8feea04.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: a03838e81f8ab37f3820199ad13c0e196afe4edd803352c1aa82ac77b8feea04.dll
Size: 53KB
MD5: 5cab8a6e09a5be50b52f6f2ea4799430
SHA1: 97e0ae98d123852d646031843df07e874f6e8e60
SHA256: a03838e81f8ab37f3820199ad13c0e196afe4edd803352c1aa82ac77b8feea04
SHA512: b63e9fa0ffb15309c4281243ebd0a1f438df98d81a9494bdd82bdab25c376a9f0965aa831600479ef3284a77eaabfa9c407586cd6cc92ae6cfb57772c1614575
SSDEEP: 1536:GQ3tfgXKJhnpTnrJnVpHeGw310LqwSZNDv6B:VfgXK3npTnlfeGwFPwSTDvQ
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 3 IoCs
description | pid | Process | procid_target
PID 3204 wrote to memory of 4424 | 3204 | rundll32.exe | 77
PID 3204 wrote to memory of 4424 | 3204 | rundll32.exe | 77
PID 3204 wrote to memory of 4424 | 3204 | rundll32.exe | 77
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a03838e81f8ab37f3820199ad13c0e196afe4edd803352c1aa82ac77b8feea04.dll,#1
- Suspicious use of WriteProcessMemory
PID:3204
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a03838e81f8ab37f3820199ad13c0e196afe4edd803352c1aa82ac77b8feea04.dll,#1
    PID:4424