Analysis
max time kernel: 116s
max time network: 11s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 29-10-2022 01:25
Static task
static1
Behavioral task
behavioral1
Sample
c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll
Size: 241KB
MD5: 0a00b06a4f398dbe2b7c3ab635f1d291
SHA1: 51e6117d50393f2e1a0237258e97064fe51472cc
SHA256: c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b
SHA512: 140ea817218a920903df480a6dc1f9829cb6fe3ca3e6a23a750a823a26cac4d808f50f8a9ff718b8c484bc91509fca51f2301d59ca5d87a36ae0b2454b089d84
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0f:jDgtfRQUHPw06MoV2nwTBlhm8n
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4912 wrote to memory of 4812 | 4912 | rundll32.exe | 17
PID 4912 wrote to memory of 4812 | 4912 | rundll32.exe | 17
PID 4912 wrote to memory of 4812 | 4912 | rundll32.exe | 17
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll,#1
- Suspicious use of WriteProcessMemory
PID:4912
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2709b03b1e9766074f73e64ad51c4117005c6b7ab420da4c688a629156e280b.dll,#1
    PID:4812
Network
- No results found