Analysis
- max time kernel: 91s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
- submitted: 21-10-2022 19:32
Static task
static1
Behavioral task
behavioral1
Sample
ed6a3ebae6bb9ff3680cdb61171517b6dd7a54f87aa73986486b8374f20a3b5a.dll
Resource
win7-20220812-en
2 signatures
150 seconds
General
- Target: ed6a3ebae6bb9ff3680cdb61171517b6dd7a54f87aa73986486b8374f20a3b5a.dll
- Size: 781KB
- MD5: 49689fe6ca0a9bb363d5c274e8a2d6f0
- SHA1: 97697d79c19668b71001b7166eb9f6c13ccfc2b2
- SHA256: ed6a3ebae6bb9ff3680cdb61171517b6dd7a54f87aa73986486b8374f20a3b5a
- SHA512: 67a82b85dab361763fb72b521387ff667c8bae7622f815d8f1998bf6dd32b6cd5f58a1fea2df25ca7468479a50d7e2e6bfe3d80f687e8509649d893b0aa43aeb
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0o2gqTNY4P:jDgtfRQUHPw06MoV2nwTBlhm8pgqT7
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4920 wrote to memory of 4932 | 4920 | rundll32.exe | rundll32.exe
PID 4920 wrote to memory of 4932 | 4920 | rundll32.exe | rundll32.exe
PID 4920 wrote to memory of 4932 | 4920 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6a3ebae6bb9ff3680cdb61171517b6dd7a54f87aa73986486b8374f20a3b5a.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4920
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6a3ebae6bb9ff3680cdb61171517b6dd7a54f87aa73986486b8374f20a3b5a.dll,#1
    PID:4932