Analysis
max time kernel: 90s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-10-2022 16:09
Static task
static1
Behavioral task
behavioral1
Sample
ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll
Resource
win7-20220901-en
2 signatures
150 seconds
General
-
Target
ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll
-
Size
708KB
-
MD5
59f40dd7935ff265f7c79a4f1366d8d0
-
SHA1
3c7bd34d1bb6bd9403b26034568be9209eb8107c
-
SHA256
ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1
-
SHA512
86e1d647f70cc689e12c86cd7f87ede0dcfd2a91dfeb4c004e4c1991a34e0a9ef00c3ed1e823a697257e2c973049930cb2eee197ac665e3bffbd715a563eb4e0
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYb:o6RI1Fo/wT3cJYYYYYYYYYYYYb
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4328 wrote to memory of 4368 | 4328 | rundll32.exe | rundll32.exe
PID 4328 wrote to memory of 4368 | 4328 | rundll32.exe | rundll32.exe
PID 4328 wrote to memory of 4368 | 4328 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4328
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll,#12⤵
PID:4368