Analysis
max time kernel
186s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
23-11-2022 17:11
Static task
static1
Behavioral task
behavioral1
Sample
7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
Resource
win10v2004-20221111-en
General
Target
7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
Size
159KB
MD5
35bc6ead6a1c06bd243e293f855ed848
SHA1
55a01a73388d4396536e74376b4fd1681920a9a8
SHA256
7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b
SHA512
9250c90bd63df938796065e82310e8cdeea6d7f6b375cd679fbd431cdedd670535565f17c7d30b6ac7d09e11ebf77953d5fa7c98af1791342bd0d1193c8a2d09
SSDEEP
3072:pG6Y+kD84LYxXJ7weAn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:Rhy0C2ckJ4f+iBRjv
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3108 wrote to memory of 204 | 3108 | rundll32.exe | rundll32.exe
PID 3108 wrote to memory of 204 | 3108 | rundll32.exe | rundll32.exe
PID 3108 wrote to memory of 204 | 3108 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll,#12