Analysis
-
max time kernel
144s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
01/12/2022, 08:46
Static task
static1
Behavioral task
behavioral1
Sample
331399dec1fcfedad29ee722e83a0a007c0027fe3840b4898c77007f3c8c58b4.dll
Resource
win7-20220901-en
2 signatures
150 seconds
General
-
Target
331399dec1fcfedad29ee722e83a0a007c0027fe3840b4898c77007f3c8c58b4.dll
-
Size
511KB
-
MD5
cf272ccc82f2fd92967d6dced15551a0
-
SHA1
ba95df564c0de4dd6fcbd55f65bb693d716bdfd9
-
SHA256
331399dec1fcfedad29ee722e83a0a007c0027fe3840b4898c77007f3c8c58b4
-
SHA512
287599cd6f40896e27644d58dd5beb34e4865288bf8310c06463bd4fcb92ffc89bbabd75f3ffd5867b4596072582dc215d5be7eee0b070b64fac7e6da1008a37
-
SSDEEP
3072:oDKpt9sSR0HUHPwZWLnWVfEAzV2INwTBftZmc+z+f3Q0K:oDgtfRQUHPw06MoV2swTBlxm8C
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 1628 wrote to memory of 2688  1628  rundll32.exe  81
PID 1628 wrote to memory of 2688  1628  rundll32.exe  81
PID 1628 wrote to memory of 2688  1628  rundll32.exe  81
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\331399dec1fcfedad29ee722e83a0a007c0027fe3840b4898c77007f3c8c58b4.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1628 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\331399dec1fcfedad29ee722e83a0a007c0027fe3840b4898c77007f3c8c58b4.dll,#12⤵
PID:2688
-