Analysis
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/11/2022, 23:36
Behavioral task
behavioral1
Sample
95603873ad7e10d046b497bbd06db1213fab1a1b170676b5b31c611fa01c3c91.dll
Resource
win7-20220812-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
95603873ad7e10d046b497bbd06db1213fab1a1b170676b5b31c611fa01c3c91.dll
Resource
win10v2004-20220901-en
2 signatures
150 seconds
General
Target: 95603873ad7e10d046b497bbd06db1213fab1a1b170676b5b31c611fa01c3c91.dll
Size: 247KB
MD5: 08853f8621e8217ec5b80602631d2c60
SHA1: 107a0005a161d905186d8965d6978209ebd0831b
SHA256: 95603873ad7e10d046b497bbd06db1213fab1a1b170676b5b31c611fa01c3c91
SHA512: f14d48186f128bd5503ff03c4ad604516f8276f8536ecd26c42ece1c3dc840fef2e1d183e3ddd8745622134adb181499ea9bf8d076e8d98ddaa48a64ebf20462
SSDEEP: 6144:hrhi+65S6mSzTf6tPArp+lbJ1YE0FutxwithTbBvp39:hY7n8ArpMYJFKxzhhR39
Score: 8/10
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/2808-133-0x0000000000400000-0x0000000000483000-memory.dmp | vmprotect
behavioral2/memory/2808-134-0x0000000000400000-0x0000000000483000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4728 wrote to memory of 2808 | 4728 | rundll32.exe | 82
PID 4728 wrote to memory of 2808 | 4728 | rundll32.exe | 82
PID 4728 wrote to memory of 2808 | 4728 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95603873ad7e10d046b497bbd06db1213fab1a1b170676b5b31c611fa01c3c91.dll,#11
- Suspicious use of WriteProcessMemory
PID:4728
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95603873ad7e10d046b497bbd06db1213fab1a1b170676b5b31c611fa01c3c91.dll,#12
PID:2808