Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
29-11-2022 05:42
Behavioral task
behavioral1
Sample
8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll
Resource
win10v2004-20220812-en
General
-
Target
8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll
-
Size
140KB
-
MD5
4c3c98a2bc24f6916b99bb98d95236a0
-
SHA1
a80f93ca10f5d840075d9f0a8637eabc765a1a31
-
SHA256
8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4
-
SHA512
94479d501cbe2081871489061446502317c590119cd4a62a185055cfe88940ccf18cc38bf8bb9cc545e26bdc56fb52652e9173562fea31711e9013d24f651b21
-
SSDEEP
3072:k1AlvtMoYAGfT1Gn0MIiCL5FxKJ1XIBrc+EH1ECoL9txX+fTP:woaxT1Q0MIuJ14hc9H1N8txm
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral2/memory/4636-133-0x0000000010000000-0x0000000010058000-memory.dmp | vmprotect
behavioral2/memory/4636-136-0x0000000010000000-0x0000000010058000-memory.dmp | vmprotect
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 5044 wrote to memory of 4636 | 5044 | rundll32.exe | rundll32.exe
PID 5044 wrote to memory of 4636 | 5044 | rundll32.exe | rundll32.exe
PID 5044 wrote to memory of 4636 | 5044 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll,#12