Analysis
  max time kernel:  149s
  max time network: 155s
  platform:         windows10-2004_x64
  resource:         win10v2004-20220812-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        23-11-2022 17:35
Behavioral task: behavioral1
  Sample:   b889df6190f6d05370d6496d046abc978b5d908906a3e6d3ba7fbd6b8f7f2d48.dll
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample:   b889df6190f6d05370d6496d046abc978b5d908906a3e6d3ba7fbd6b8f7f2d48.dll
  Resource: win10v2004-20220812-en
General
  Target: b889df6190f6d05370d6496d046abc978b5d908906a3e6d3ba7fbd6b8f7f2d48.dll
  Size:   254KB
  MD5:    4a811f1ca0f56a5d4f1f9d5778bb9280
  SHA1:   6f7aa64d55c351e3ee4f147c66ade61bf8fb46d9
  SHA256: b889df6190f6d05370d6496d046abc978b5d908906a3e6d3ba7fbd6b8f7f2d48
  SHA512: f3c90b2bfa7ee16cc434a7a3d25b9cf4164eadb90dc0e6ce59fc80271136aef7a1e2410f829e4a88e7fa66f15c9e9288ccff8b1b82b7c134ddaec33e5dad736e
  SSDEEP: 6144:B+Yf+XFDk8zQOvzCZlYGtlJ4rC31FbJ9ClvmRQFkz+57J/U3C4lpWum5z:Ut/xvzCZl9t4rClRJ9Clvy+57myowumF
Malware Config
  (none extracted)

Signatures
  Processes:
    resource                                                                     yara_rule
    behavioral2/memory/2056-133-0x0000000000B80000-0x0000000000C06000-memory.dmp  vmprotect
    behavioral2/memory/2056-134-0x0000000000B80000-0x0000000000C06000-memory.dmp  vmprotect

  Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                         pid   process       target process
    PID 3680 wrote to memory of 2056    3680  rundll32.exe  rundll32.exe
    PID 3680 wrote to memory of 2056    3680  rundll32.exe  rundll32.exe
    PID 3680 wrote to memory of 2056    3680  rundll32.exe  rundll32.exe
Processes
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b889df6190f6d05370d6496d046abc978b5d908906a3e6d3ba7fbd6b8f7f2d48.dll,#1
    PID: 3680
    - Suspicious use of WriteProcessMemory
    └─ C:\Windows\SysWOW64\rundll32.exe
         command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b889df6190f6d05370d6496d046abc978b5d908906a3e6d3ba7fbd6b8f7f2d48.dll,#1
         PID: 2056