Analysis
max time kernel: 151s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 21-10-2022 08:46
Static task: static1
Behavioral task: behavioral1
Sample: 1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: 1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll
Size: 245KB
MD5: 54b6f5942a902091afdd8d5173d2eef0
SHA1: 8ef4d39065fae20c16ba8039829f301691221a59
SHA256: 1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29
SHA512: d447ea7cdf5750515ff7e3fdf5f64bde5593d83511dffb1acc1fbed46640accb75ba8a8d8f9030627ea867b0ec97a3ad638f216372cfeb7bfc56752dbc31c000
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0q:jDgtfRQUHPw06MoV2nwTBlhm8S
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1680 wrote to memory of 836 | 1680 | rundll32.exe | rundll32.exe
PID 1680 wrote to memory of 836 | 1680 | rundll32.exe | rundll32.exe
PID 1680 wrote to memory of 836 | 1680 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1680
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll,#12⤵
PID:836