Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system -
submitted
23-11-2022 18:50
Static task
static1
Behavioral task
behavioral1
Sample
f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll
Resource
win10v2004-20220812-en
General
-
Target
f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll
-
Size
312KB
-
MD5
266710952349ee4feed65e58c7bb0ec0
-
SHA1
edc028b3087dd7a4362334fc6d52e35622bdcf56
-
SHA256
f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617
-
SHA512
73bc238d467732129f4e00281bda6e0e4b47a7a9974642ba65384f14b6d4e76967b4720ed52b0738018678f56e38c66c488cdecb94704920fcc0d1b7ebcacb89
-
SSDEEP
6144:7sQl8r0FiGAn4yZ6XtrOt5Jxfw2dHLUIpDCzi5ijH:BW6pufwI9CmwjH
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4656 wrote to memory of 4860 | 4656 | rundll32.exe | rundll32.exe
PID 4656 wrote to memory of 4860 | 4656 | rundll32.exe | rundll32.exe
PID 4656 wrote to memory of 4860 | 4656 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll,#12