Analysis
max time kernel: 151s
max time network: 184s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-11-2022 22:13
Static task: static1
Behavioral task: behavioral1
Sample: e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll
Resource: win10v2004-20221111-en
General
Target: e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll
Size: 28KB
MD5: b7aad9d964a4e3ca5e2c377e27d4d519
SHA1: aa635b94cdbfdddcfc2b6781470ff00f92ab2077
SHA256: e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be
SHA512: 18f6686b05dd112c7663d94f3e8b28a3a20c98ba1320270092ab70f1fdd4a5fb59060d05fb38782f9d692ab182d9e195c2b879df5a64248665b0adf933114545
SSDEEP: 192:WhasgJMB4NaFVniTADNqIjC3+spKhqNpiHlgpTy/mpfpTV3:AasHtX8YN9jC3+SKw7Lpu/mpfpR
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   process       procid_target
PID 2516 wrote to memory of 4692  2516  rundll32.exe  84
PID 2516 wrote to memory of 4692  2516  rundll32.exe  84
PID 2516 wrote to memory of 4692  2516  rundll32.exe  84
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2516
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll,#1
    PID: 4692