Analysis
max time kernel: 146s
max time network: 161s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/12/2022, 07:52
Static task: static1
Behavioral task: behavioral1
Sample: b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll
Resource: win10v2004-20221111-en
General
Target: b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll
Size: 359KB
MD5: 3d4bf79c39faaa11489486ba2aa247b7
SHA1: 15b8d466f4432d15eb916f9e7d6cc051e6f4e186
SHA256: b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27
SHA512: 0c7508e078312bc3b9db4ae45ca720e9a2c2ab888b10e9a80d9e974ab46af79789770b9ed6cdd6a788bd5fb1bc423fdb358b74335fd36af2137ea609ed30892f
SSDEEP: 6144:UgnZFLrVASXypQyp88zoddjo4vcVGEtcig4toN50zY6bTA/eklV5:zVAx88zoddj5c0bio26/pV
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1356 wrote to memory of 1064 | 1356 | rundll32.exe | 85
PID 1356 wrote to memory of 1064 | 1356 | rundll32.exe | 85
PID 1356 wrote to memory of 1064 | 1356 | rundll32.exe | 85
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll,#1
  PID: 1356
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll,#1
    PID: 1064