Analysis
max time kernel: 90s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 22:32
Behavioral task
behavioral1
Sample
6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll
Size: 454KB
MD5: 5ad3c9a110805a3bca36a19d490588d0
SHA1: ad14f8d70103364b552e5a27cc1b9273009540ea
SHA256: 6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431
SHA512: dcd514033c9159ce52ff5b9c6014ea94801177650fb1054f724ba9ad72eb053ff55a986bf9f74df03065938613559eee721aad8c3a082a9fabef0cd90735e48d
SSDEEP: 12288:oxmebWhic2+e7OqFzrzwRP/BWQ+6iVeKAd8L:ooe2ic2+KO5JBbiVeKAy
Score: 8/10
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral2/memory/1312-134-0x0000000000400000-0x0000000000501000-memory.dmp | vmprotect
behavioral2/memory/1312-135-0x0000000000400000-0x0000000000501000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description | pid | process | target process
PID 4252 wrote to memory of 1312 | 4252 | rundll32.exe | rundll32.exe
PID 4252 wrote to memory of 1312 | 4252 | rundll32.exe | rundll32.exe
PID 4252 wrote to memory of 1312 | 4252 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll,#11
- Suspicious use of WriteProcessMemory
PID: 4252
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll,#12
PID: 1312