Analysis
max time kernel
190s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
04/12/2022, 00:35
Static task
static1
Behavioral task
behavioral1
Sample
d3115288fb51f4ff8c18062305bbecb1ad418661b75d572ca26791e3ad2938f2.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d3115288fb51f4ff8c18062305bbecb1ad418661b75d572ca26791e3ad2938f2.dll
Resource
win10v2004-20221111-en
General
Target
d3115288fb51f4ff8c18062305bbecb1ad418661b75d572ca26791e3ad2938f2.dll
Size
5KB
MD5
385496d96c39f0488d751b4bb4355e10
SHA1
70c7985ca37af104113ae8938b5d3053d81a0476
SHA256
d3115288fb51f4ff8c18062305bbecb1ad418661b75d572ca26791e3ad2938f2
SHA512
50925077fbd1fee77a1a1d34673915615ef89aa9b78aff7cc1b2cf9625df08c326fc972198700bd93450afca8fd0380b7ecc3741a541ca6c3aceb2d968342fc2
SSDEEP
48:a5zjMTGcITBVQVE1lcRw/FwFJUT13KT/X8gqBxtDnstsdz:iT3Qu8RwNM6aLXvwDsydz
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 4356 wrote to memory of 2044   4356   rundll32.exe   81
PID 4356 wrote to memory of 2044   4356   rundll32.exe   81
PID 4356 wrote to memory of 2044   4356   rundll32.exe   81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3115288fb51f4ff8c18062305bbecb1ad418661b75d572ca26791e3ad2938f2.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4356
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3115288fb51f4ff8c18062305bbecb1ad418661b75d572ca26791e3ad2938f2.dll,#12⤵
PID:2044