Analysis
- max time kernel: 141s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 21:08
Static task
static1
Behavioral task
behavioral1
Sample
5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll
Resource
win10v2004-20220812-en
General
- Target: 5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll
- Size: 88KB
- MD5: 4528e9aee524c24efb3f2d9c5cb19ee0
- SHA1: df22938b123cab52fc7ae620f4e96b72d4fd2fed
- SHA256: 5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf
- SHA512: f6b4827e9c4d45c17d7335153d591694d05ce873fadbf218814c3d3c8265010a69b3dd83ba7783880acccfd6eaf60c5e207b43ac6475a43e26b6771f5aa4d26d
- SSDEEP: 1536:j8CVk36NSfl//GRUiRCQKORgoGZ1apKCjNhq0i5vWMCsXR9S2:jlVhI9//GJRCQKOnOophq0/ont
Malware Config
Signatures
- Suspicious use of WriteProcessMemory: 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1096 wrote to memory of 4772 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 4772 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 4772 | 1096 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5345ca3247d774981340fafeaf0a1cc74bd2dfc45cd6b8131b251d7de86740cf.dll,#1
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4772 -ip 4772