Analysis
max time kernel: 180s
max time network: 211s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/12/2022, 05:58
Static task: static1
Behavioral task: behavioral1
  Sample: a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll
  Resource: win10v2004-20221111-en
General
Target: a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll
Size: 1009KB
MD5: edf3fe69e57633fcc80b18e5ed34d2d0
SHA1: d3957c112ed7e30e5b11622de546c31da919c874
SHA256: a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520
SHA512: 1cfc85aae03424cb267dbe694b6d644e392c5630fda19b681424c504241a3f7c15409a49342c9c438a358ea40974031e7982ecb65fdf150bf05faf84404fd676
SSDEEP: 6144:7YAoZe2Pq+my/eyjU4fQYq//t8oXk/a4fJPcu6l8ohteJqBcNOER7bWGug/ozffQ:7Y9ZvcygMQYq/1KBEjSohty1yZs
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid 4700, Process rundll32.exe (6 identical entries)
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid 4700, Process rundll32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 4700, Process rundll32.exe (4 identical entries)
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4288 wrote to memory of 4700, pid 4288, Process rundll32.exe, procid_target 82 (3 identical entries)
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll,#1
  PID: 4288
  - Suspicious use of WriteProcessMemory
  ⤵ C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll,#1
    PID: 4700
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx