Analysis
max time kernel: 149s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 15:52
Static task: static1
Behavioral task: behavioral1
Sample: 3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll
Resource: win10v2004-20220812-en
General
Target: 3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll
Size: 87KB
MD5: 73106f02c701e7ac7d4539ab60ceebdc
SHA1: 2aa7a8cd1b925923af5486b0981bb1ef2f6ac4e6
SHA256: 3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a
SHA512: 0c7fd80106819ca4149fb67d5139742861d1139dfeb77925bd113ea7fc30a81fc90ea4a41451e9c0d3bfd83b75fd2627d88c0363d70abb42e5867869e09bd27d
SSDEEP: 1536:mjqjoQQLyIie3SCMDaaUyuMX1EFGg9lu3qZJQLDIwzDKrVHOmWSEZ9:VopLT/fMWaruMlEdbu3qZJQLDIwvKrpe
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2820 wrote to memory of 3136 | 2820 | rundll32.exe | rundll32.exe
PID 2820 wrote to memory of 3136 | 2820 | rundll32.exe | rundll32.exe
PID 2820 wrote to memory of 3136 | 2820 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2820
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f04cac8720ba9018281301a2cc7313e51d2d3a79f4c22ca300c65c0b5821a8a.dll,#12
PID: 3136