Analysis
max time kernel: 504s
max time network: 506s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 27-10-2022 00:07
Behavioral task: behavioral1
Sample: 3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked.dll
Resource: win7-20220812-en (windows7-x64)
2 signatures, 600 seconds
General
Target: 3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked.dll
Size: 108KB
MD5: 3dfa4f44613b1ad60b9d592a3efd7289
SHA1: 761848e7a9b9ba4f02c8cd45076e4f269a674e70
SHA256: d1b4045990964610141800df6c538a05d00aadb8b28390d91de28aa5b8ac90af
SHA512: 983f1165ca7d36f860cbb111ad846618ff6039da24d2180434b2e1f89be80937e93e967f64922fbeebdfa790b8532c21a8880fbb37ffcea646ff8f72042f3de6
SSDEEP: 3072:3l6Rrc/z9Lh39PvrYnD2qlaleOMEKlKg5fUny:cxcb9Lh5sCqlalevSg3
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4996 wrote to memory of 1956 | 4996 | rundll32.exe | rundll32.exe
PID 4996 wrote to memory of 1956 | 4996 | rundll32.exe | rundll32.exe
PID 4996 wrote to memory of 1956 | 4996 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4996
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3237ec73a4f16533fd2c3fb92b3caf43e42b5c9f11d61a5f8576a86c478f0b55_unpacked.dll,#1
    PID: 1956