Analysis
max time kernel: 53s
max time network: 118s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted: 02-12-2022 02:42
Static task
static1
Behavioral task
behavioral1
Sample
f9b594774c6c9ec8aa4c2b67b2008e306c23ba94905c7f9868e754651130464f.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: f9b594774c6c9ec8aa4c2b67b2008e306c23ba94905c7f9868e754651130464f.dll
Size: 235KB
MD5: 0e3705fae4e53ed938fb4a24d04f0ef3
SHA1: 4311b59c2ac76f38753c8ff3bdb9bc547fe380c3
SHA256: f9b594774c6c9ec8aa4c2b67b2008e306c23ba94905c7f9868e754651130464f
SHA512: cc93708a3f403a5e621e11d4e9529753d010dbb8357dccb04b79ef331266d6568a45c35c273ddfe0d3f4297b77092ba70c75ec8418840a0a0c340881df00ba79
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0f:jDgtfRQUHPw06MoV2nwTBlhm83
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4572 wrote to memory of 540 | 4572 | rundll32.exe | 76
PID 4572 wrote to memory of 540 | 4572 | rundll32.exe | 76
PID 4572 wrote to memory of 540 | 4572 | rundll32.exe | 76
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b594774c6c9ec8aa4c2b67b2008e306c23ba94905c7f9868e754651130464f.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:4572
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b594774c6c9ec8aa4c2b67b2008e306c23ba94905c7f9868e754651130464f.dll,#12⤵
PID:540