Analysis
max time kernel: 90s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-11-2022 17:21
Static task
static1
Behavioral task
behavioral1
Sample
e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll
Size: 704KB
MD5: 09ca79ea116cddbbb6939426481adde0
SHA1: 74bac539c9172128f45900cc2a14d4063e7cc6f4
SHA256: e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556
SHA512: 41deaa702a3602812dbfd023b8bda80f88bb93f9b6de2f7f249bed3dd57e61031421f125892a35594577b732dc0aa533a779ed011d8415bfc80be7e3ef8991e8
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDW:o6C5AXbMn7UI1FoV2gwTBlrIckPI
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 5004 wrote to memory of 4896 | 5004 | rundll32.exe | 81
PID 5004 wrote to memory of 4896 | 5004 | rundll32.exe | 81
PID 5004 wrote to memory of 4896 | 5004 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll,#11
- Suspicious use of WriteProcessMemory
PID: 5004
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5f241338456d8bb21f5e5cd1cb39ffe64ecadfc09dd3003afcc14fa48150556.dll,#12
PID: 4896