Analysis
max time kernel: 201s
max time network: 209s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/12/2022, 06:42
Behavioral task: behavioral1
Sample: c33dd48ec1a5625c42dc550de97ac02e8c788b261e5dbac9aa137f9db1257fbe.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: c33dd48ec1a5625c42dc550de97ac02e8c788b261e5dbac9aa137f9db1257fbe.dll
Resource: win10v2004-20221111-en
General
Target: c33dd48ec1a5625c42dc550de97ac02e8c788b261e5dbac9aa137f9db1257fbe.dll
Size: 691KB
MD5: 620a0a9340ff138672e1b796a9f8e910
SHA1: b908d9a1310288ea3432ea4d6ea0f36efaaee324
SHA256: c33dd48ec1a5625c42dc550de97ac02e8c788b261e5dbac9aa137f9db1257fbe
SHA512: 2262364a751c78ebd826d8d277c5c4fdb27da0db22aa98256de7bd5e2f29e8cd47633a91da2474d4d567ac6b7fcd660d6a67fc7d5abde0274fe0c007ea42b06d
SSDEEP: 12288:vn2z1fdJPN/A7OC3ffPCLckVfjx87Kd/ILeWKRHJPoOyQ3I32vISVw4zXK7c7lbv:uz17WyCPacKfjxwKdwLINiVQ4mQSa4a4
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 364 wrote to memory of 1888 | 364 | rundll32.exe | 84
PID 364 wrote to memory of 1888 | 364 | rundll32.exe | 84
PID 364 wrote to memory of 1888 | 364 | rundll32.exe | 84
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c33dd48ec1a5625c42dc550de97ac02e8c788b261e5dbac9aa137f9db1257fbe.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:364
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c33dd48ec1a5625c42dc550de97ac02e8c788b261e5dbac9aa137f9db1257fbe.dll,#12⤵
PID:1888