Analysis
max time kernel: 149s
max time network: 182s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 18:09
Static task: static1

Behavioral task: behavioral1
Sample: c3c2ca1b6b4de66c60dad9f6babe1c1d37c91bfcf858056b85bb0e2761c696d6.dll
Resource: win7-20221111-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: c3c2ca1b6b4de66c60dad9f6babe1c1d37c91bfcf858056b85bb0e2761c696d6.dll
Resource: win10v2004-20221111-en
1 signatures
150 seconds
General
Target: c3c2ca1b6b4de66c60dad9f6babe1c1d37c91bfcf858056b85bb0e2761c696d6.dll
Size: 57KB
MD5: 89d3013a3b279acbf75f83d8dd7ec188
SHA1: 076193efb4c7d9eed824838376014abee8395b51
SHA256: c3c2ca1b6b4de66c60dad9f6babe1c1d37c91bfcf858056b85bb0e2761c696d6
SHA512: 274afb2a5cc495fd1e89d5c8478710646c1f0ef423c21e68e72865a524d56dc8e66bc6ab0dfce28be16b96c2979ea96a8468883820c2335303fb639e14497183
SSDEEP: 1536:zNIKDp4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:6qp4YU6ErtGNEKIpCT
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   Process       procid_target
PID 4288 wrote to memory of 1000     4288  rundll32.exe  83
PID 4288 wrote to memory of 1000     4288  rundll32.exe  83
PID 4288 wrote to memory of 1000     4288  rundll32.exe  83
Processes
C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3c2ca1b6b4de66c60dad9f6babe1c1d37c91bfcf858056b85bb0e2761c696d6.dll,#11
    Suspicious use of WriteProcessMemory
    PID: 4288
C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3c2ca1b6b4de66c60dad9f6babe1c1d37c91bfcf858056b85bb0e2761c696d6.dll,#12
    PID: 1000