Analysis
max time kernel: 112s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-12-2022 14:11
Static task: static1
Behavioral task: behavioral1
  Sample: e0d1e3bd42ef7ae1a588fdf4714168d4d578355d3d9c951f9b320adb1d8c9664.dll
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: e0d1e3bd42ef7ae1a588fdf4714168d4d578355d3d9c951f9b320adb1d8c9664.dll
  Resource: win10v2004-20220812-en
General
Target: e0d1e3bd42ef7ae1a588fdf4714168d4d578355d3d9c951f9b320adb1d8c9664.dll
Size: 72KB
MD5: 7f3d3ce908c1472216c1a9078031d2b4
SHA1: 20027305cda03c5c87f397833804749abd1b9d44
SHA256: e0d1e3bd42ef7ae1a588fdf4714168d4d578355d3d9c951f9b320adb1d8c9664
SHA512: 611639c5c0f4a091819c60a5a1caea44af4a606ebfeaf0d59e9797ff11843bb161f92802decc7d321550349f23097de2ed8491ad664d558a96ae74dd1d354dfa
SSDEEP: 1536:ZpCC/bqwf0402Iwa6sRDhwFC7D2mEcStMAqOvyuE9zq/Xuc:swf04laDIC7SmMNqOvh2Lc
Malware Config
Signatures
- Drops file in System32 directory (2 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\SysWOW64\lokolera.dll | rundll32.exe
  File opened for modification | C:\Windows\SysWOW64\rihuleve | rundll32.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  2424 | rundll32.exe
  2424 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 5072 wrote to memory of 2424 | 5072 | rundll32.exe | 80
  PID 5072 wrote to memory of 2424 | 5072 | rundll32.exe | 80
  PID 5072 wrote to memory of 2424 | 5072 | rundll32.exe | 80
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e0d1e3bd42ef7ae1a588fdf4714168d4d578355d3d9c951f9b320adb1d8c9664.dll,#1
   PID: 5072
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 5072)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e0d1e3bd42ef7ae1a588fdf4714168d4d578355d3d9c951f9b320adb1d8c9664.dll,#1
      PID: 2424
      - Drops file in System32 directory
      - Suspicious use of SetWindowsHookEx