Analysis
-
max time kernel
494s -
max time network
497s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
27-10-2022 04:16
Static task
static1
Behavioral task
behavioral1
Sample
53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
600 seconds
General
-
Target
53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked.dll
-
Size
367KB
-
MD5
75b2ecdb38a1a89a620edd99219ba89a
-
SHA1
cd4a73173a115514dfa71c5b2d611ed955d1b2a3
-
SHA256
274171362e7928c3e70241f0d282a8d661cb16c41c787d3006a1810c0f76299f
-
SHA512
073776ad6c1a175584d7aefe5b09c2131f29bcfd6086e57d5bd9653463128f51d93b91c5ea260d21ccd593a48bf4ae73c06679d7e6ed17f83adc3e0225d862a7
-
SSDEEP
6144:Tckh9rP7lRaXoQ9khE2EiWrqkduoQeqlalrnB4AhdNorGvHdbi09GJGF6iO8:ThPa4rbzguoQeqglSAHhlyR
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 5116 wrote to memory of 4900 5116 rundll32.exe 83 PID 5116 wrote to memory of 4900 5116 rundll32.exe 83 PID 5116 wrote to memory of 4900 5116 rundll32.exe 83
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:5116 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\53f7d917ad9ebf5b7d2ccc1a835083bc0c0b92cc69ee584703ea6e4345f5c457_unpacked.dll,#12⤵PID:4900
-