Analysis
max time kernel: 149s
max time network: 168s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-12-2022 06:34
Static task: static1
Behavioral task: behavioral1
Sample: 78e575983d771e35a4c7ff280872277178118b2f62b31ebcd33a401ba72f1a69.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 78e575983d771e35a4c7ff280872277178118b2f62b31ebcd33a401ba72f1a69.dll
Resource: win10v2004-20220812-en
General
Target: 78e575983d771e35a4c7ff280872277178118b2f62b31ebcd33a401ba72f1a69.dll
Size: 284KB
MD5: 9a8b2c177c649f29fd4f87933a54eb10
SHA1: 922f8e0479a28ac6ee708c0967d6405718ce466d
SHA256: 78e575983d771e35a4c7ff280872277178118b2f62b31ebcd33a401ba72f1a69
SHA512: 58a0483f562fc1a8683bc41e962b8ee43980faba9832c7c2bc78468982fe5adc47988ec6660a418da52440264fa3148ac920934be9c6381aa821affba92b2302
SSDEEP: 6144:KhRUnSJUKfzj+DK9xSHYWCqr+6poaHqWwSNJ1bKiHop0:KhRUnSJUWjaKL2Ywr+6poa9ZJ1b3HY0
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 396 wrote to memory of 4208 | 396 | rundll32.exe | rundll32.exe
PID 396 wrote to memory of 4208 | 396 | rundll32.exe | rundll32.exe
PID 396 wrote to memory of 4208 | 396 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78e575983d771e35a4c7ff280872277178118b2f62b31ebcd33a401ba72f1a69.dll,#11
  - Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78e575983d771e35a4c7ff280872277178118b2f62b31ebcd33a401ba72f1a69.dll,#12