Analysis
max time kernel: 134s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 23-11-2022 18:56
Static task: static1
Behavioral task: behavioral1
Sample: f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll
Resource: win10v2004-20220812-en
General
Target: f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll
Size: 11KB
MD5: 2797a8300657cfbdd5bf81a9b3c3cbe8
SHA1: 8fd231eca4da2514bb372d0e1c9da480d13382de
SHA256: f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e
SHA512: 82bec7d163e36dc0f2127586db182cbc64fea11990efa607758ea05e09c2289335c5be9ce6b7a7ce4ff54c459bf7177a271029e83c31e7044740f1d595699f5f
SSDEEP: 192:RRuKUt5m3v7JEveUCKG85Lxzbu9jvMl2N98MgK3dU0c/uhYhALq4hoxkTinfR14c:/uKTjJdSGILxuZ5Nntc/uecqqk5fR1AM
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4236 wrote to memory of 4120 | 4236 | rundll32.exe | rundll32.exe
PID 4236 wrote to memory of 4120 | 4236 | rundll32.exe | rundll32.exe
PID 4236 wrote to memory of 4120 | 4236 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6f9e2a81ba8bdcc8462a1390502f1a8a6e777716f5261468100fd4ac116995e.dll,#12