Analysis
max time kernel: 180s
max time network: 188s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-12-2022 13:17
Static task
static1
Behavioral task
behavioral1
Sample
d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll
Resource
win10v2004-20221111-en
General
Target: d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll
Size: 372KB
MD5: 0be42c5f706143804ce88603a74f692c
SHA1: fe273aa5d5ccb4c788855f608ac990dc70b6cae8
SHA256: d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417
SHA512: 8f924648d88aba655db1aa3235ebf851595edf9411dcdf3e0ab59882f0bc73309c660f907bec35661416ae3dc40859d44ebe602c45b6ea972ecc46e3e8f1f67c
SSDEEP: 6144:PCd3ldSuQWJ6hWxlhKFXvFbdGGpFHLFLiPGdMMC1k19i3Sye+JNe:P+NTJ6UjcJplwP2FRHUSyZm
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process        procid_target
PID 1020 wrote to memory of 2564    1020   rundll32.exe   83
PID 1020 wrote to memory of 2564    1020   rundll32.exe   83
PID 1020 wrote to memory of 2564    1020   rundll32.exe   83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1020
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll,#12⤵
PID:2564