Analysis
max time kernel
144s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted
07-11-2022 15:01
Static task
static1
Behavioral task
behavioral1
Sample
d856c4b34474442118c810edc10cc33333df71abf30c7b1ac609e0eb3cd2e804.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
d856c4b34474442118c810edc10cc33333df71abf30c7b1ac609e0eb3cd2e804.dll
Resource
win10v2004-20220812-en
General
Target
d856c4b34474442118c810edc10cc33333df71abf30c7b1ac609e0eb3cd2e804.dll
Size
679KB
MD5
04126b8c10ecdf621c29c150f71555e0
SHA1
e61c6c070ef8e5599389190b2e16ef410d8a017f
SHA256
d856c4b34474442118c810edc10cc33333df71abf30c7b1ac609e0eb3cd2e804
SHA512
7f9fd15eea2d12df48b67f7202add209205001a2f05040d133d0c5912fd4f990a139a0a1146e96c4ff6757252a842f4bf175c6815838c5be961632e38ab2950d
SSDEEP
12288:krom11ywGsPXkzyC6huT8dTz3bICDlT2Y+VpUxsg/7re57Ak9g:krom11yNKXkzyzNdjD+Vpcsgm5N9g
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4032 wrote to memory of 2512 | 4032 | rundll32.exe | 81
PID 4032 wrote to memory of 2512 | 4032 | rundll32.exe | 81
PID 4032 wrote to memory of 2512 | 4032 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d856c4b34474442118c810edc10cc33333df71abf30c7b1ac609e0eb3cd2e804.dll,#11
- Suspicious use of WriteProcessMemory
PID:4032
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d856c4b34474442118c810edc10cc33333df71abf30c7b1ac609e0eb3cd2e804.dll,#12
PID:2512