Analysis
max time kernel: 90s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-12-2022 23:28
Behavioral task: behavioral1
Sample: 5ff0f0f275f8705cc51c8c804093aa95d1d0313220f835fe3963dbdc5513c30a.dll
Resource: win7-20220812-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 5ff0f0f275f8705cc51c8c804093aa95d1d0313220f835fe3963dbdc5513c30a.dll
Resource: win10v2004-20220901-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 5ff0f0f275f8705cc51c8c804093aa95d1d0313220f835fe3963dbdc5513c30a.dll
Size: 22KB
MD5: a2396faf377c614f8640cbd11c872c22
SHA1: 26649c4a62763cc28fc62da483eb5c47c815f911
SHA256: 5ff0f0f275f8705cc51c8c804093aa95d1d0313220f835fe3963dbdc5513c30a
SHA512: 003b0f3551dcf3eab48decdfdd815aed5dcce0e092b604d56714bdd8e9a8390cbf0eca2d59638f57a70335dd05af56f8fc49d2ef97b1592fa32a520a77ab5c74
SSDEEP: 384:TeH+tWzlSDrb5+gIS3a2Oaa2pbNGJ38pPJv1TCAxAr6+S9Pfu7n5n:dtWurb6SOaVwYxv1TlxndeVn
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
description                        pid    Process        procid_target
PID 2340 wrote to memory of 4016   2340   rundll32.exe   83
PID 2340 wrote to memory of 4016   2340   rundll32.exe   83
PID 2340 wrote to memory of 4016   2340   rundll32.exe   83
PID 4016 wrote to memory of 804    4016   rundll32.exe   84
PID 4016 wrote to memory of 804    4016   rundll32.exe   84
PID 4016 wrote to memory of 804    4016   rundll32.exe   84
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff0f0f275f8705cc51c8c804093aa95d1d0313220f835fe3963dbdc5513c30a.dll,#1
  Suspicious use of WriteProcessMemory
  PID:2340
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff0f0f275f8705cc51c8c804093aa95d1d0313220f835fe3963dbdc5513c30a.dll,#1
    Suspicious use of WriteProcessMemory
    PID:4016
    C:\Windows\SysWOW64\Wscript.exe
      Wscript.exe c:\windows\ime\vbs\pp.vbs
      PID:804