Analysis
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 16:05
Behavioral task: behavioral1
Sample: Documento.dll
Resource: win7-20220812-en, windows7-x64
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: Documento.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
2 signatures
150 seconds
General
Target: Documento.dll
Size: 642KB
MD5: 66277003da051e53efed47c8954ac015
SHA1: d94807fb05e8604d8d7c6a0eeac8ecf23dcd8cbf
SHA256: a83f593a5204dad08856c89cd941a3b5ece1e7f13d2433c6343b9cd9ed7a73cb
SHA512: 23c47b50ab2207524b9941f3ff1bf2cf4d08db3985eef4c83d4a2d8b8cdfa8c060b71717e5deeb715b29093832ba02128dbf8b6ba52c8262e53e19357971702c
SSDEEP: 12288:xKxfRvv3Mt6Vtg6a2hPRmwB1iCgJg0GF2btvYm3+Aa:xKxpvv3Mt6Vu72h5mQgd40YW9
Score: 8/10
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral2/memory/3692-133-0x0000000002380000-0x00000000024E1000-memory.dmp | vmprotect
behavioral2/memory/3692-134-0x0000000002380000-0x00000000024E1000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4808 wrote to memory of 3692 | 4808 | rundll32.exe | rundll32.exe
PID 4808 wrote to memory of 3692 | 4808 | rundll32.exe | rundll32.exe
PID 4808 wrote to memory of 3692 | 4808 | rundll32.exe | rundll32.exe