Analysis
-
max time kernel
183s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
01-12-2022 08:40
Static task
static1
Behavioral task
behavioral1
Sample
d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
General
-
Target
d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll
-
Size
429KB
-
MD5
1793160b219c5b87342b1213683bfe80
-
SHA1
ac2287f59e52953cb659ec6a4b81cbbd66f028d2
-
SHA256
d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f
-
SHA512
3a030f6aced84350ea85d5bd6c054ba3dc52c7eb238e8868fe530f52de9726cd2eead836c5b3198ce19ff7fcba7fa20f027a4b6614c76ebb0483d0bac785cd64
-
SSDEEP
3072:aDKpt9sSR0HUHPwZWLnWVfEAzV2IMwTBftZmc+z+f3Q0J:aDgtfRQUHPw06MoV2dwTBlxm8h
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 540 wrote to memory of 632 | 540 | rundll32.exe | 81
PID 540 wrote to memory of 632 | 540 | rundll32.exe | 81
PID 540 wrote to memory of 632 | 540 | rundll32.exe | 81
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll,#11
- Suspicious use of WriteProcessMemory
PID:540 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8d79511f8fe70fb5fd5a5637818d5db8d570f6f136725913e8e24dc5071ed5f.dll,#12
PID:632
-