Analysis
- max time kernel: 229s
- max time network: 280s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 18:51
Static task: static1
Behavioral task: behavioral1
- Sample: 7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll
- Resource: win10v2004-20221111-en
General
- Target: 7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll
- Size: 10KB
- MD5: 3e5156ac68cb5ed8f0450eb97f340efb
- SHA1: 96ccd419618c99059d01448a11cab05b2376c9bf
- SHA256: 7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce
- SHA512: 2426afe85d16c4c9d6e6cb4d3fa37dea38b3d0642eee3000151bb8ad4d3c2c5bd9033828e53ae7baa8958948caed7dd5ed50df4bd4a200c0b80f6f1849d19ac7
- SSDEEP: 192:41mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o92b:48jhdHad/z20IyFWakC84dWaWak8cdWj
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3924 wrote to memory of 3928 | 3924 | rundll32.exe | rundll32.exe
  PID 3924 wrote to memory of 3928 | 3924 | rundll32.exe | rundll32.exe
  PID 3924 wrote to memory of 3928 | 3924 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll,#1