Analysis
max time kernel: 141s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-12-2022 17:54
Static task: static1
Behavioral task: behavioral1
Sample: c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll
Resource: win10v2004-20220812-en
General
Target: c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll
Size: 90KB
MD5: 8b907e5b2ca2d7fd5388bd308e95c823
SHA1: a0b68400be05974199e3567c02a162728d19f909
SHA256: c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d
SHA512: cbe094a747e836e6db26e4934ae368971bba304b3cb41a54269012702397e037e10d13dca1245c52254c4dc1a44045ff893b8e7673972c73f9ef63e58e50c8f7
SSDEEP: 1536:gpr7U/BfbvkEr0kVKSCNuBeQTXrcuLwwqJjpx5FNta2yp6e/+8LTcwkk:gV7ojvvVtVBeEXAuLwDFFNtDyceW8HV5
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2148 wrote to memory of 4428 | 2148 | rundll32.exe | rundll32.exe
PID 2148 wrote to memory of 4428 | 2148 | rundll32.exe | rundll32.exe
PID 2148 wrote to memory of 4428 | 2148 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll,#1
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2f846e094adff75d54f4d31986842fbc25ba215ce8407d234464b3f759b851d.dll,#1