Analysis
-
max time kernel
137s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system -
submitted
03/12/2022, 13:30
Static task
static1
Behavioral task
behavioral1
Sample
fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll
Resource
win10v2004-20220812-en
General
-
Target
fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll
-
Size
19KB
-
MD5
f58d1d4c09a0390b2956edb9c7f03ac4
-
SHA1
313f1d76ada308664b4deada79997b948ff16eab
-
SHA256
fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e
-
SHA512
60b92a56ba9b8737b21d40f5d1a7c475b849a51fffe2d6fd77e366d9e42f4dab5f7f80e43ceb43f648af2a5bf950d1add67545604c230e50825e02022bad3aa7
-
SSDEEP
384:jQNm+awSIqEy+xng67fXsCZejfY1YhJpJgLa0MpHr:MNjSIhy4fXsfrvjgLa1
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2268 wrote to memory of 2224 | 2268 | rundll32.exe | 81
PID 2268 wrote to memory of 2224 | 2268 | rundll32.exe | 81
PID 2268 wrote to memory of 2224 | 2268 | rundll32.exe | 81
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll,#12⤵
PID:2224
-