Analysis
max time kernel: 185s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 12:39
Behavioral task
behavioral1
Sample
83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: 83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll
Size: 113KB
MD5: 9d85a2c35805ddc04c8a894597d7cd6a
SHA1: 3e3f63519555416f0789121f90628b6759908f2f
SHA256: 83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849
SHA512: e52c8dabd8bf5c4ab7497dd3d99d4f2ca31e811dbb0243cb4f6d67e7c374fc0960d6f54a7705f7c2708fd96dccec3fdef4ee3c0d2bafbcae9876fc0310924ca6
SSDEEP: 3072:G8Ns5HuaKlAihQ5jcxgP6b9bjKd5Dm0x:G8Ns5HudlZ8Ijm9l
Score: 8/10
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral2/memory/752-133-0x0000000000400000-0x0000000000453000-memory.dmp | upx

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1328 wrote to memory of 752 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 752 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 752 | 1328 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1328
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll,#12
PID: 752