Analysis
-
max time kernel
144s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
29/10/2022, 20:07
Behavioral task
behavioral1
Sample
05790383b7d9026ab6d33cd0a9fe142111adb88cc91b64050323a9350c32b80a.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
05790383b7d9026ab6d33cd0a9fe142111adb88cc91b64050323a9350c32b80a.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
-
Target
05790383b7d9026ab6d33cd0a9fe142111adb88cc91b64050323a9350c32b80a.dll
-
Size
65KB
-
MD5
84905f0f0f130cd8ff7b0fed49548c88
-
SHA1
8b7045dfc559ac0622d5ea9675efe80384075e83
-
SHA256
05790383b7d9026ab6d33cd0a9fe142111adb88cc91b64050323a9350c32b80a
-
SHA512
013554fa07f91dfff6e352e9ddb8f32e45852020403165639db6ab1b313d8b71522a13043af54ea6b30ef1fd8da3462938dc70486d9073ed8fa578eccaf20de1
-
SSDEEP
1536:yl3E0TJEZ8cytZWgaQN7WWKC+0Ibas5XD4zIu:E396AtoQNN9+TXY
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4772 wrote to memory of 2112 4772 rundll32.exe 82
PID 4772 wrote to memory of 2112 4772 rundll32.exe 82
PID 4772 wrote to memory of 2112 4772 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05790383b7d9026ab6d33cd0a9fe142111adb88cc91b64050323a9350c32b80a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4772 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05790383b7d9026ab6d33cd0a9fe142111adb88cc91b64050323a9350c32b80a.dll,#12⤵
PID:2112
-