Analysis
-
max time kernel
69s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
27/11/2022, 16:43 UTC
Static task
static1
Behavioral task
behavioral1
Sample
0a721d8f309136a57663b323fbd60a8ed6492030547b2a6196cbddec5e8ba616.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0a721d8f309136a57663b323fbd60a8ed6492030547b2a6196cbddec5e8ba616.dll
Resource
win10v2004-20220812-en
General
-
Target
0a721d8f309136a57663b323fbd60a8ed6492030547b2a6196cbddec5e8ba616.dll
-
Size
56KB
-
MD5
36e326eb8219d5980883ef3089994317
-
SHA1
589a4da612631132e0a52b1b7045881ffa2cfc81
-
SHA256
0a721d8f309136a57663b323fbd60a8ed6492030547b2a6196cbddec5e8ba616
-
SHA512
7638d9cf8c137246dba2f996ef06e444bea66b6c342f14c5108030f58d2eed300f37da82a600a9e213ac37edfb4419f42a7ea3b6f976ddf0776d809fb3323cab
-
SSDEEP
1536:6LJ2rfBAN4GoEtL0ujDvA4WdYo1boOw/BDrJ3a7EwCEI:P89Po15w/BHJq7E2
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 768 wrote to memory of 1080 768 rundll32.exe 80 PID 768 wrote to memory of 1080 768 rundll32.exe 80 PID 768 wrote to memory of 1080 768 rundll32.exe 80
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0a721d8f309136a57663b323fbd60a8ed6492030547b2a6196cbddec5e8ba616.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:768 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0a721d8f309136a57663b323fbd60a8ed6492030547b2a6196cbddec5e8ba616.dll,#12⤵PID:1080
-