Analysis
- max time kernel: 145s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/12/2022, 01:30
Static task: static1
Behavioral task: behavioral1
- Sample: c04d0912ca7c29fd89925e279fb7206a4f933a9640bfb5e838efb156224572d7.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: c04d0912ca7c29fd89925e279fb7206a4f933a9640bfb5e838efb156224572d7.dll
- Resource: win10v2004-20220812-en
General
- Target: c04d0912ca7c29fd89925e279fb7206a4f933a9640bfb5e838efb156224572d7.dll
- Size: 6KB
- MD5: 6a99287c4e719a61e18dec15c31c4bb0
- SHA1: 417f815cfa5668768204060b16f016d9a48474b1
- SHA256: c04d0912ca7c29fd89925e279fb7206a4f933a9640bfb5e838efb156224572d7
- SHA512: cad6d40bbb3e5e6867589715ee00275e5fe1f678b9a8b24080c036c7493daa8a9733ce9642affa67d61358271af82ada372b26514657c8466f52021f6ecda051
- SSDEEP: 96:nEY2RrF1eqwi4I2+kd/VBbGrvk6AYHhIHH3w2VhNG0uLrfkW3fPi38By9xoL1mDk:EHRh1eppI2332Ashqw2Vh3gfkWcYQg6
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4720 wrote to memory of 808 | 4720 | rundll32.exe | 80
  PID 4720 wrote to memory of 808 | 4720 | rundll32.exe | 80
  PID 4720 wrote to memory of 808 | 4720 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c04d0912ca7c29fd89925e279fb7206a4f933a9640bfb5e838efb156224572d7.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:4720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c04d0912ca7c29fd89925e279fb7206a4f933a9640bfb5e838efb156224572d7.dll,#12⤵
  PID:808