Analysis
max time kernel: 145s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 17:02
Static task: static1
Behavioral task: behavioral1
Sample: 4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll
Resource: win10v2004-20221111-en
General
Target: 4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll
Size: 796KB
MD5: 46b5e1379904504d9b5802b47dc658eb
SHA1: 4084590141f185e4394200ab4036f036e80fd20e
SHA256: 4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a
SHA512: 45f1930885666056d5262d03c2b6cc251fd4489979e785fc0c1ef9e50ec1c7764220a4a81acc008fb005e78b667e2897ec5480ccd9e78c3358da26a664196682
SSDEEP: 12288:O7tdNvcfzY8B4L6CeHhpQzS2KRWC6/7+hhVp0RsamYkzuKD/9WVuVO+3pJsbIPvm:O7tdZGwRsamY0Rp4+3gkF7IiCe43e32
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2256 wrote to memory of 2484 | 2256 | rundll32.exe | rundll32.exe
PID 2256 wrote to memory of 2484 | 2256 | rundll32.exe | rundll32.exe
PID 2256 wrote to memory of 2484 | 2256 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll,#12⤵
  PID: 2484