Analysis
max time kernel: 112s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-11-2022 19:34
Behavioral task: behavioral1
Sample: Orçamento.dll
Resource: win7-20221111-en
0 signatures
150 seconds
Behavioral task: behavioral2
Sample: Orçamento.dll
Resource: win10v2004-20220901-en
2 signatures
150 seconds
General
Target: Orçamento.dll
Size: 205KB
MD5: c9e67552c030ad4903b80f422da0cc41
SHA1: c587fef0f20ecc07eebcc5425d6925d67117d30c
SHA256: d99de2573b086455f015100b2bbf7c3c31a4cdc1cf993c0631ef128760f23545
SHA512: acb58a0b2dc0c8710c6683f4e0fe0d90d432a0bbdf6551f8eeaa35322c180e36de5c9de9052f793b2b331b3815f78a314b25347a0e208c424c403b640eab9f0c
SSDEEP: 3072:kinRXDzOVyqIRADkihZ0I9Wm4v/60gsQDNShPcMAxBbMvvyA55wVh7okiRj:kinR+VyqyWjh2eAMsQ0hEM+ZMvh5wni
Score: 8/10
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral2/memory/3180-133-0x0000000000400000-0x000000000048E000-memory.dmp | upx
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2128 wrote to memory of 3180 | 2128 | rundll32.exe | rundll32.exe
PID 2128 wrote to memory of 3180 | 2128 | rundll32.exe | rundll32.exe
PID 2128 wrote to memory of 3180 | 2128 | rundll32.exe | rundll32.exe