Analysis
-
max time kernel
169s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
25-11-2022 12:39
Behavioral task
behavioral1
Sample
d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll
Resource
win10v2004-20221111-en
General
-
Target
d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll
-
Size
113KB
-
MD5
753d394c2ed1a1ea4a5eaa6fba171307
-
SHA1
308a9ad7842a570289b3acc1e4011e8938426423
-
SHA256
d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7
-
SHA512
cf1c833bcbad8203cc67416be586e5ca63495456dc44518b85fc6fd018496a81299884f1701583f77321f80cc1a357d507d55cf375c3758865b4013aa607c7ca
-
SSDEEP
1536:o8b0zyJO5R1fGyPk8zS6lglv9xs+YuVfJfQViw1jkt5PY3P6d5sXmbHDK9hEz+ew:o8Ns5HuaKlAihQ5jcxgP6b9bjKlYU
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral2/memory/2320-133-0x0000000000A40000-0x0000000000A93000-memory.dmp | upx
behavioral2/memory/2320-134-0x0000000000A40000-0x0000000000A93000-memory.dmp | upx
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3944 wrote to memory of 2320 | 3944 | rundll32.exe | rundll32.exe
PID 3944 wrote to memory of 2320 | 3944 | rundll32.exe | rundll32.exe
PID 3944 wrote to memory of 2320 | 3944 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll,#12⤵