Analysis
- max time kernel: 99s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-10-2022 16:09
Static task
static1
Behavioral task
behavioral1
Sample
2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll
Resource
win7-20220901-en
2 signatures
150 seconds
General
- Target: 2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll
- Size: 946KB
- MD5: 12455e1687e8cff4fa2f540b15d4d163
- SHA1: 26897a20fb3a70f8e7f44775be45f64fce68785e
- SHA256: 2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f
- SHA512: 9f07ce957994f38d96856b632360f1cccab173cc447ac3b3d50c8dc1838622f201290ffd6d1bd83be71f3735c3005930fa1686905ad2fb5b108163e00769f137
- SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDj:o6C5AXbMn7UI1FoV2gwTBlrIckPZ
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 5012 wrote to memory of 2080 | 5012 | rundll32.exe | rundll32.exe |
| PID 5012 wrote to memory of 2080 | 5012 | rundll32.exe | rundll32.exe |
| PID 5012 wrote to memory of 2080 | 5012 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:5012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll,#12⤵
  PID:2080