Analysis
-
max time kernel
150s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
07-11-2022 04:53
Behavioral task
behavioral1
Sample
4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll
Resource
win7-20220901-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll
-
Size
67KB
-
MD5
0853e7aaec434849cf6e07e57c9344d0
-
SHA1
6ccfdc64949bcd17bd485184ca69eae429b510cf
-
SHA256
4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452
-
SHA512
3eb100eb372ef438ade07bedf81337e513537ea6d6766c61906ae9db99fcd153024fb3b398f19d089823d492c1e2222b814b5a128da9ad12cc6ea92e2c16ee4b
-
SSDEEP
1536:wvJpyfY820v+0WsJ3Bdxf5Jk+hF7S7kVlp62EN7n4ocRFfSr:6pv1o+c3B75Pk7kJ62E94ocLfSr
Score
8/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/4932-133-0x0000000010000000-0x000000001040F000-memory.dmp upx -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2252 wrote to memory of 4932 2252 rundll32.exe 79 PID 2252 wrote to memory of 4932 2252 rundll32.exe 79 PID 2252 wrote to memory of 4932 2252 rundll32.exe 79
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2252 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll,#12⤵PID:4932
-