Analysis
- max time kernel: 173s
- max time network: 191s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 17:01
Static task: static1
Behavioral task: behavioral1
- Sample: 0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll
- Resource: win10v2004-20220812-en
General
- Target: 0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll
- Size: 359KB
- MD5: 45507f626ae64769129812a2b6141d4c
- SHA1: d355c9d8771eae58c88de8d892728286e1cab56b
- SHA256: 0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb
- SHA512: c06870d4c42180ea2fd11ddddeec69648ec59b9933596a25649bd0559ed73857c07dd08ec5c01613cb23b79e3134e3fc1b235727942b02a98cf06aaae8bc4216
- SSDEEP: 6144:BwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:CkI4nJmRz9PGGjkrgoN9Ppymfkn
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3416 wrote to memory of 3448 | 3416 | rundll32.exe | rundll32.exe
  PID 3416 wrote to memory of 3448 | 3416 | rundll32.exe | rundll32.exe
  PID 3416 wrote to memory of 3448 | 3416 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 3416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll,#12
  PID: 3448