Analysis
max time kernel: 164s
max time network: 174s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-11-2022 12:56
Static task: static1
Behavioral task: behavioral1
Sample: 344463963ed0c758f4a1201242e8f68ef72d3c87376ca8f4d9ec170e140df29b.dll
Resource: win7-20220812-en, windows7-x64
2 signatures
150 seconds
General
Target: 344463963ed0c758f4a1201242e8f68ef72d3c87376ca8f4d9ec170e140df29b.dll
Size: 306KB
MD5: d1bdd603b433afc8adaa3ebc391401c0
SHA1: 8dd39d04c7916390090a1672c157a5df7c9c2cc9
SHA256: 344463963ed0c758f4a1201242e8f68ef72d3c87376ca8f4d9ec170e140df29b
SHA512: 1cb62f440f4804adaa27f54f85ac4d93d736f5b09864376d428d406ec18ba0b6a3725d222161b75c552a17455fbfea7284a822c6416ec8bc24d213b0e8f464ef
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0W:jDgtfRQUHPw06MoV2nwTBlhm8O
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process         procid_target
PID 3312 wrote to memory of 4248    3312   rundll32.exe    79
PID 3312 wrote to memory of 4248    3312   rundll32.exe    79
PID 3312 wrote to memory of 4248    3312   rundll32.exe    79
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\344463963ed0c758f4a1201242e8f68ef72d3c87376ca8f4d9ec170e140df29b.dll,#1
  PID: 3312
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\344463963ed0c758f4a1201242e8f68ef72d3c87376ca8f4d9ec170e140df29b.dll,#1
    PID: 4248