Analysis
max time kernel: 160s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 29-11-2022 12:56
Static task
static1
Behavioral task
behavioral1
Sample
3dc6d14bc48ee2892c12c2a83afea5be5a5fd3477c94eca1be2c7fc36559f610.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: 3dc6d14bc48ee2892c12c2a83afea5be5a5fd3477c94eca1be2c7fc36559f610.dll
Size: 548KB
MD5: 663fca5dd1e11dd39cc4645fb320ffb0
SHA1: e92cf50896c250fde3022639557ba5dc3fdac09c
SHA256: 3dc6d14bc48ee2892c12c2a83afea5be5a5fd3477c94eca1be2c7fc36559f610
SHA512: 4373356cf5fab11cd8cb2cc73c98109ea4136a2b7620e6a6fcd65644b6e11232f35f49f19bfdc512f61d28d8dad55d83b89517d1f8b80c9775d8652b2fbbcb36
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0w:jDgtfRQUHPw06MoV2nwTBlhm8o
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3932 wrote to memory of 1456 | 3932 | rundll32.exe | 83
PID 3932 wrote to memory of 1456 | 3932 | rundll32.exe | 83
PID 3932 wrote to memory of 1456 | 3932 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dc6d14bc48ee2892c12c2a83afea5be5a5fd3477c94eca1be2c7fc36559f610.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3932
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dc6d14bc48ee2892c12c2a83afea5be5a5fd3477c94eca1be2c7fc36559f610.dll,#12⤵
PID:1456