Analysis
max time kernel: 196s
max time network: 203s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-11-2022 20:17
Behavioral task: behavioral1
Sample: 2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
Resource: win10v2004-20220812-en
General
Target: 2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
Size: 318KB
MD5: 537402ee556a3cd05552ec9a64a2ef07
SHA1: 12768e31c3268fc76c701bf128be96c946fef45a
SHA256: 2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
SHA512: a4bd2246726e4f425d1cd7e01e8e6a75bb41776b08c41c0c40314f36acd2d320dcbea4bd57cc4cf30d8931ddc9c996e76e884962ea0375b314fc491e56fa3a5d
SSDEEP: 6144:i6BDSXv3WyRljOpYwo+XqidUtmko1vMAvcvyEmut6R4gocnwgv/p+ZJN:i6BKWyRljgYUXqKomko1EzvM7nwGp+Zn
Malware Config
Signatures
Processes:
resource | yara_rule
behavioral2/memory/1396-133-0x0000000075860000-0x0000000075909000-memory.dmp | vmprotect
behavioral2/memory/1396-134-0x0000000075860000-0x0000000075909000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2556 wrote to memory of 1396 | 2556 | rundll32.exe | rundll32.exe
PID 2556 wrote to memory of 1396 | 2556 | rundll32.exe | rundll32.exe
PID 2556 wrote to memory of 1396 | 2556 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll,#12⤵