792757afe86756974b1a7b0dfaf9796ead41743a2560f4b8b959cf0485cfa6ec

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 20:47

Target

792757afe86756974b1a7b0dfaf9796ead41743a2560f4b8b959cf0485cfa6ec.dll
Size

1.5MB
MD5

78e49f9e0db7c7a9daa872f89e4c2543
SHA1

b8c5332520c9af24f81f025a05e0ccbb68c95f09
SHA256

792757afe86756974b1a7b0dfaf9796ead41743a2560f4b8b959cf0485cfa6ec
SHA512

13abe4044ff17507dae58493abee37cdea72d5765a76b5ebd0a75aee290c251b7fbb67c323ec1de69701e89ce74962db3c3c990c80030ecf7a867b148452cb1d
SSDEEP

24576:87pyc7+6dJ8uCpk+0awZMGWtv8hvBQ4Wq+z7FmdR5nVQ6oTABqD+F5sCEL/XjqeM:aJ7+dpea7Gu8hpQ4WR4lVacRF5mfjTEl

Score

1^/10

Modifies Control Panel 8 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\sTimeFormat = "HH:mm:ss"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\iTime = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\iTLZero = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\iTimePrefix = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\sTime = ":"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\sShortDate = "yyyy-MM-dd"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\iDate = "2"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\sDate = "-"	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 2236	3856	rundll32.exe	81
PID 3856 wrote to memory of 2236	3856	rundll32.exe	81
PID 3856 wrote to memory of 2236	3856	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\792757afe86756974b1a7b0dfaf9796ead41743a2560f4b8b959cf0485cfa6ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\792757afe86756974b1a7b0dfaf9796ead41743a2560f4b8b959cf0485cfa6ec.dll,#1
  2⤵
  - Modifies Control Panel
  PID:2236