Analysis
- max time kernel: 137s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 13:17
Static task: static1
Behavioral task: behavioral1
- Sample: 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
- Resource: win10v2004-20220901-en
General
- Target: 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
- Size: 489KB
- MD5: 1aea9113ae5e60e3f5494d4e34fb113d
- SHA1: d6512ec1ed1b046256a2d1d45c1c61e1d6c96140
- SHA256: f524cdc6225f17080cbfef59486da73a75a3eb5814e12fae029e7b53418f18df
- SHA512: ba1839206ecfd1e1ce8e676cfaad58d077eb91059bb683fab60e70e8a11a064c19eb70f9b7164d0b2f5fd4848e72eb5c17c6bad9d939fe649af5cf2ff07c589b
- SSDEEP: 6144:ayIyWeddvZz2Kxn2ZJUa5Vmp9GGlyxHb4Ja/U:7vdVR9Ha52G+qHb4E/U
Malware Config
Signatures
- Blocklisted process makes network request 6 IoCs
  Processes: rundll32.exe
  flow  pid   process
  4     2824  rundll32.exe
  25    2824  rundll32.exe
  41    2824  rundll32.exe
  43    2824  rundll32.exe
  46    2824  rundll32.exe
  47    2824  rundll32.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description                       pid   process       target process
  PID 4384 wrote to memory of 2824  4384  rundll32.exe  rundll32.exe
  PID 4384 wrote to memory of 2824  4384  rundll32.exe  rundll32.exe
  PID 4384 wrote to memory of 2824  4384  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4384
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1
    - Blocklisted process makes network request
    PID: 2824