Analysis
- max time kernel: 81s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-10-2022 19:32
Static task
static1
Behavioral task
behavioral1
Sample
ac54420704a8e6381550cd3394cd11151c488d5548ce9d91b45e073a649c5ab3.dll
Resource
win7-20220812-en
2 signatures
150 seconds
General
- Target: ac54420704a8e6381550cd3394cd11151c488d5548ce9d91b45e073a649c5ab3.dll
- Size: 222KB
- MD5: 1f38d3e3f6b3d9f3a1dec29283a0bb21
- SHA1: 10cb908d20609240a4521ee58c2475de03145329
- SHA256: ac54420704a8e6381550cd3394cd11151c488d5548ce9d91b45e073a649c5ab3
- SHA512: 7daded363f17701903f890baaf3f52e03aaedcdcbf43b2a4d221d47efc39b42f198d8af4ad7149c86beac3839e713155529663e1886deddbfbba8051a151da79
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0f:jDgtfRQUHPw06MoV2nwTBlhm83
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
Columns: description; pid; process; target process
- PID 2328 wrote to memory of 2732; 2328; rundll32.exe; rundll32.exe
- PID 2328 wrote to memory of 2732; 2328; rundll32.exe; rundll32.exe
- PID 2328 wrote to memory of 2732; 2328; rundll32.exe; rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac54420704a8e6381550cd3394cd11151c488d5548ce9d91b45e073a649c5ab3.dll,#11
  Suspicious use of WriteProcessMemory
  PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac54420704a8e6381550cd3394cd11151c488d5548ce9d91b45e073a649c5ab3.dll,#12
  PID:2732