Analysis
max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
31/10/2022, 22:52
Static task
static1
Behavioral task
behavioral1
Sample
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll
Resource
win10v2004-20220812-en
General
Target
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll
Size
11KB
MD5
d0f7517df08d48806a76aecd5ffa9070
SHA1
afa538f026fe9bb972bd3922c950e503bfab175e
SHA256
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be
SHA512
d6777c2dc2e74321fdb25d9bb5152a1f9d32d7812fc8d6392d1a6fa420a350b77563e34aac68941e72b21689de09174f521008d0fce3203040d813a98ac7ca7d
SSDEEP
192:1qDTt3f7VBohrx6gDgmfDpQY5Imr53AnKpM0d+Tgj/gdGIONkV:1YTlirxZDgm7SYxGnKS0d+Tgj/gdGB
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3208 wrote to memory of 3584 | 3208 | rundll32.exe | 81
PID 3208 wrote to memory of 3584 | 3208 | rundll32.exe | 81
PID 3208 wrote to memory of 3584 | 3208 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll,#1
- Suspicious use of WriteProcessMemory
PID:3208
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll,#1
PID:3584