Analysis
max time kernel: 145s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 03:50
Behavioral task: behavioral1
Sample: 14094333475bcfad6a6ef4cac9c91ebd6afdcf72a22f98dad419eb63176fd9d8.dll
Resource: win7-20220812-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 14094333475bcfad6a6ef4cac9c91ebd6afdcf72a22f98dad419eb63176fd9d8.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 14094333475bcfad6a6ef4cac9c91ebd6afdcf72a22f98dad419eb63176fd9d8.dll
Size: 73KB
MD5: 35eea469ebe12dd8ecf0459d168a17c2
SHA1: bada0d250e9d0dc1cf2d1e270357fcb8084f24fe
SHA256: 14094333475bcfad6a6ef4cac9c91ebd6afdcf72a22f98dad419eb63176fd9d8
SHA512: 238d6d9c8a2fe41fe2c2b6333fa7d3893ef9d2df026e990071f82c96334ac5843b9f8ef5a7a557ebfc4cb7892e538a6ecf2b79694aa7521bbfd4e61cea339add
SSDEEP: 1536:GQ3tfgXKlSiDUls0lv7Ne428CFVIvHNsAzpXWvvyGBc2NtjoJ:VfgXKlNDUWr428UiMybNJ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4640 wrote to memory of 3036 | 4640 | rundll32.exe | 81
PID 4640 wrote to memory of 3036 | 4640 | rundll32.exe | 81
PID 4640 wrote to memory of 3036 | 4640 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\14094333475bcfad6a6ef4cac9c91ebd6afdcf72a22f98dad419eb63176fd9d8.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4640
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\14094333475bcfad6a6ef4cac9c91ebd6afdcf72a22f98dad419eb63176fd9d8.dll,#1
    PID: 3036