Analysis
max time kernel: 115s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-12-2022 20:28
Behavioral task: behavioral1
Sample: c7a81ea7738c96d5902a34f6688c0b112174949dc9af80fbbdcc870c062b806b.dll
Resource: win7-20220812-en, windows7-x64
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: c7a81ea7738c96d5902a34f6688c0b112174949dc9af80fbbdcc870c062b806b.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
2 signatures
150 seconds
General
Target: c7a81ea7738c96d5902a34f6688c0b112174949dc9af80fbbdcc870c062b806b.dll
Size: 63KB
MD5: af61f90e6fcfaf276bfdb79a4a2c6b10
SHA1: cd5dfae0f14d580eea8f718b4fa34335cd9a8c03
SHA256: c7a81ea7738c96d5902a34f6688c0b112174949dc9af80fbbdcc870c062b806b
SHA512: 8d2adf7e2a51b419adff3b5d060c5f90a8346e34528e7511b53b50d5712846eca25bdd3dc58d8b62ffbf57630b6f270977834086ad40b1580a38d3f4941f160c
SSDEEP: 1536:Jd8cHHQRXmS6+csLfrTTEDIlE+u3CY23c/YFRHDkU6KQ:jfHcXkkTTiKE+u3C5cgTHDkUdQ
Score: 8/10
Malware Config
Signatures
resource: behavioral2/memory/3168-133-0x0000000010000000-0x000000001000E000-memory.dmp
yara_rule: upx

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3260 wrote to memory of 3168 | 3260 | rundll32.exe | 79
PID 3260 wrote to memory of 3168 | 3260 | rundll32.exe | 79
PID 3260 wrote to memory of 3168 | 3260 | rundll32.exe | 79
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7a81ea7738c96d5902a34f6688c0b112174949dc9af80fbbdcc870c062b806b.dll,#1
PID: 3260
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7a81ea7738c96d5902a34f6688c0b112174949dc9af80fbbdcc870c062b806b.dll,#1
PID: 3168