Analysis
max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
30-10-2022 14:02
General
Target
bab4020f814b0f4feb797c93cfe8effd52c70757decaa0f618177b351330e078.dll
Size
788KB
MD5
83da7350dd4fb8d032e14baab13f1db0
SHA1
37d5029ae33f8704e448f2cda754852384329c5d
SHA256
bab4020f814b0f4feb797c93cfe8effd52c70757decaa0f618177b351330e078
SHA512
1dbafe8a1d7227fcc2ce3a386632bf8d7c9bb3e2c92717b4528867665952176f669c78e9d5b6e57cfa964eb39608b0b4a91b8646cb7ddea6a8d2bc41670b416b
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0Z:jDgtfRQUHPw06MoV2nwTBlhm8h
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4220 wrote to memory of 5028 | 4220 | rundll32.exe | 82
PID 4220 wrote to memory of 5028 | 4220 | rundll32.exe | 82
PID 4220 wrote to memory of 5028 | 4220 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bab4020f814b0f4feb797c93cfe8effd52c70757decaa0f618177b351330e078.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4220
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bab4020f814b0f4feb797c93cfe8effd52c70757decaa0f618177b351330e078.dll,#1
    PID: 5028