Analysis
max time kernel
180s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted
03/12/2022, 03:47
Behavioral task
behavioral1
Sample
fc879cc2902c8e8fe80f4af2996f1b7eee6beb9a62d885e19e16130cd11c8ab8.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
fc879cc2902c8e8fe80f4af2996f1b7eee6beb9a62d885e19e16130cd11c8ab8.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
Target
fc879cc2902c8e8fe80f4af2996f1b7eee6beb9a62d885e19e16130cd11c8ab8.dll
Size
72KB
MD5
d76832bbcf0e715291938d762cafc6e0
SHA1
bfe65600e6eb47bbf0ccf87f6d0354e11cc184d6
SHA256
fc879cc2902c8e8fe80f4af2996f1b7eee6beb9a62d885e19e16130cd11c8ab8
SHA512
402531e4a8516555b50e7259f1d2e57f42ad1c3571df7a6da057882499f61b6e162c1ff73138dd9c15bb9ddd6d3c20911d2a4ee607e5317d80d42abd2c3eb961
SSDEEP
1536:7k876EopPvyPkOZaz0vChK5qg2hB+uMvVKtmLb+vDwEch:o87iyMAazqWeOvMNKP8
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 5100 wrote to memory of 4448 | 5100 | rundll32.exe | 81
PID 5100 wrote to memory of 4448 | 5100 | rundll32.exe | 81
PID 5100 wrote to memory of 4448 | 5100 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc879cc2902c8e8fe80f4af2996f1b7eee6beb9a62d885e19e16130cd11c8ab8.dll,#1
- Suspicious use of WriteProcessMemory
PID:5100
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc879cc2902c8e8fe80f4af2996f1b7eee6beb9a62d885e19e16130cd11c8ab8.dll,#1
  PID:4448