Analysis
max time kernel: 94s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 29-11-2022 19:05
Static task: static1
Behavioral task: behavioral1
Sample: 5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll
Resource: win10v2004-20220812-en
General
Target: 5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll
Size: 739KB
MD5: 04eea8f6b9ce0dafc9479a1c2bcd34d6
SHA1: 7cc143dda35c90ca401879a066e815b65a1592a0
SHA256: 5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59
SHA512: ca6de25994b69faf101f5333fea1be46e3f17d3144f8357ffd1c493e85657d60b32281c155c65ca5624fe8b92e1fe985c1ccffe69fe3ff43c65bbbb368a2d34a
SSDEEP: 12288:0jsUzfz0LLWlMUd4gqt+2hniu5vRnTCniBlYx84Qz+:pUrgLW6g4AS5vRnTCniBlYx84Qa
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4284 wrote to memory of 2776 | 4284 | rundll32.exe | rundll32.exe
PID 4284 wrote to memory of 2776 | 4284 | rundll32.exe | rundll32.exe
PID 4284 wrote to memory of 2776 | 4284 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll,#12