Analysis
-
max time kernel
91s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system -
submitted
29-11-2022 09:50
Behavioral task
behavioral1
Sample
3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll
Resource
win10v2004-20220901-en
General
-
Target
3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll
-
Size
691KB
-
MD5
5528c3bed7d7331379f56f2b1e7a05f0
-
SHA1
54afa283f2298853595b71e6cc235acec6151603
-
SHA256
3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02
-
SHA512
7e249fcbb53bd5b5f2f901df6baac37d7bf1557a324ec2ed078c995991ae391fb2d65feec28b1369c18a5a75bfcd88d9aedfaebf9812c92221a0efa5348510a2
-
SSDEEP
12288:vn2z1fdJPN/A7OC3ffPCLckVfjx87Kd/ILeWKRHJPoOyQ3I32vISVw4zXK7c7lbm:uz17WyCPacKfjxwKdwLINiVQ4mQSa4aF
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral2/memory/5068-133-0x0000000010000000-0x00000000100F1000-memory.dmp | vmprotect
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4032 wrote to memory of 5068 | 4032 | rundll32.exe | rundll32.exe
PID 4032 wrote to memory of 5068 | 4032 | rundll32.exe | rundll32.exe
PID 4032 wrote to memory of 5068 | 4032 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll,#12