Analysis
max time kernel: 79s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 23:21
Behavioral task: behavioral1
Sample: 8591627ba21620fcf45cf0f3b9e44fc90b33b0edf4387371fdd11635e3c16965.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 8591627ba21620fcf45cf0f3b9e44fc90b33b0edf4387371fdd11635e3c16965.dll
Resource: win10v2004-20220812-en
General
Target: 8591627ba21620fcf45cf0f3b9e44fc90b33b0edf4387371fdd11635e3c16965.dll
Size: 170KB
MD5: 4610f9d99f825d07deff4df1f2c9f610
SHA1: 93ba5f352ca7700b5acab02bb625ba575a052853
SHA256: 8591627ba21620fcf45cf0f3b9e44fc90b33b0edf4387371fdd11635e3c16965
SHA512: 3f05e4d830ecf3a8bf05ee271c0c2c5524c081580047be87bd0251b6bacf8bd18c4f1f2eecd7ced1e7c00fdcabfe6255ccec1760b95db0a61d6870590638dc33
SSDEEP: 3072:ETtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:S2XPbGO1JSIwftiqisoelfVa
Malware Config
(none extracted)

Signatures

yara_rule match: vmprotect
Resource: behavioral2/memory/3168-133-0x00000000751E0000-0x0000000075211000-memory.dmp

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Processes: rundll32.exe (PID 3168)

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe (PID 3260) wrote to memory of rundll32.exe (PID 3168), recorded three times
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8591627ba21620fcf45cf0f3b9e44fc90b33b0edf4387371fdd11635e3c16965.dll,#1
   PID: 3260
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 3260)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8591627ba21620fcf45cf0f3b9e44fc90b33b0edf4387371fdd11635e3c16965.dll,#1
      PID: 3168
      Signatures: Suspicious use of NtSetInformationThreadHideFromDebugger