Analysis
max time kernel: 112s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-12-2022 21:46
Static task
static1
Behavioral task
behavioral1
Sample
d4cb04c6eb573274716dd835a8d0afe00d0007a31ae8408ff52171621ce43ede.dll
Resource
win7-20220901-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
d4cb04c6eb573274716dd835a8d0afe00d0007a31ae8408ff52171621ce43ede.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
d4cb04c6eb573274716dd835a8d0afe00d0007a31ae8408ff52171621ce43ede.dll
Size
6KB
MD5
ae9946f06d5d73ec76a618e941666690
SHA1
281a52b8b765eb631974d88744617a56eed2fdac
SHA256
d4cb04c6eb573274716dd835a8d0afe00d0007a31ae8408ff52171621ce43ede
SHA512
f49182ecf592fa7ac188cdd2e160e969466a67398ca8d82e016807238658597864a53bcde4d1df135e8193e3c5568a74b17f8e39869b2ef0bb8ed944204b6b83
SSDEEP
192:EHRh1eppE4x2VIS/1Hwu6VO5a6/3HecPTJlfJ6cz:EHROtIrfv+EIc
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 5012 wrote to memory of 4928 | 5012 | rundll32.exe | 28
PID 5012 wrote to memory of 4928 | 5012 | rundll32.exe | 28
PID 5012 wrote to memory of 4928 | 5012 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4cb04c6eb573274716dd835a8d0afe00d0007a31ae8408ff52171621ce43ede.dll,#11
- Suspicious use of WriteProcessMemory
PID:5012
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4cb04c6eb573274716dd835a8d0afe00d0007a31ae8408ff52171621ce43ede.dll,#12
PID:4928