Analysis
  max time kernel: 156s
  max time network: 178s
  platform: windows10-2004_x64
  resource: win10v2004-20221111-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 30-11-2022 14:24

Static task: static1

Behavioral task: behavioral1
  Sample: 2eb6c04c9c64b6e1f3bff890b93808c450f489e936bdfa2dde8ebb4ff229eee9.dll
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 2eb6c04c9c64b6e1f3bff890b93808c450f489e936bdfa2dde8ebb4ff229eee9.dll
  Resource: win10v2004-20221111-en
General
  Target: 2eb6c04c9c64b6e1f3bff890b93808c450f489e936bdfa2dde8ebb4ff229eee9.dll
  Size: 3.6MB
  MD5: 54532d90ba9844ab2e34d4f37b3c3bd9
  SHA1: 21f7644b0816117149afa02cb2973ff28906e09a
  SHA256: 2eb6c04c9c64b6e1f3bff890b93808c450f489e936bdfa2dde8ebb4ff229eee9
  SHA512: 85085e9bf144fbe0d7e152b7af62a698c54d2ba1868607fedb43bb208361464802a1be0172a97f0f13bbd074e0ec30be786565145bdf612185bf70a8a6c18953
  SSDEEP: 24576:fOM3Wrf85NUD6rkvjsUpqc2/NJzHjUUIGFDPob6nDY7cKunNaun/hBqSGcvzXlJa:fH1Vcujau/h4SGcrQmOrh97TUTRalb
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid    Process
  1968   rundll32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 logged entries are repeats of two distinct parent-to-child writes:
  description                         pid    Process        procid_target
  PID 2348 wrote to memory of 1968    2348   rundll32.exe   85
  PID 1968 wrote to memory of 3832    1968   rundll32.exe   87
Processes

C:\Windows\system32\rundll32.exe
  command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eb6c04c9c64b6e1f3bff890b93808c450f489e936bdfa2dde8ebb4ff229eee9.dll,#1
  PID: 2348
  - Suspicious use of WriteProcessMemory
  ⤵ C:\Windows\SysWOW64\rundll32.exe
      command: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eb6c04c9c64b6e1f3bff890b93808c450f489e936bdfa2dde8ebb4ff229eee9.dll,#1
      PID: 1968
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      ⤵ C:\Windows\SysWOW64\notepad.exe
          command: "C:\Windows\system32\notepad.exe"
          PID: 3832