Analysis
-
max time kernel
74s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system -
submitted
29/11/2022, 13:18
Static task
static1
Behavioral task
behavioral1
Sample
052be9167c26eaaedeeffa24bc0126c0a3d582bcab9189649912f95ada2d57f1.dll
Resource
win7-20220901-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
052be9167c26eaaedeeffa24bc0126c0a3d582bcab9189649912f95ada2d57f1.dll
Resource
win10v2004-20220901-en
1 signatures
150 seconds
General
-
Target
052be9167c26eaaedeeffa24bc0126c0a3d582bcab9189649912f95ada2d57f1.dll
-
Size
37KB
-
MD5
836522f9d289c93fb7f250bbd1eab020
-
SHA1
b180caa523c3a13a40f1956ba3d4afbd86ef223a
-
SHA256
052be9167c26eaaedeeffa24bc0126c0a3d582bcab9189649912f95ada2d57f1
-
SHA512
7786a04711be29676b32eb51d7cf4f1bb39b9477de50661c0812881cf5fd9ba84cfa61a7435887d61ac2d39d7d17d6bfedcb7934409ac02bf1fc6e23d25d20e6
-
SSDEEP
768:ItoC8iTBGo571TseLK97sXBj2rB8oZ7u49:YqiTBG8pAP7ICqo9N9
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description                        pid    Process        procid_target
PID 5080 wrote to memory of 4328   5080   rundll32.exe   76
PID 5080 wrote to memory of 4328   5080   rundll32.exe   76
PID 5080 wrote to memory of 4328   5080   rundll32.exe   76
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\052be9167c26eaaedeeffa24bc0126c0a3d582bcab9189649912f95ada2d57f1.dll,#1
- Suspicious use of WriteProcessMemory
PID:5080 -
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\052be9167c26eaaedeeffa24bc0126c0a3d582bcab9189649912f95ada2d57f1.dll,#1
  PID:4328
-