Analysis
max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
06/12/2022, 21:57
Static task
static1
Behavioral task
behavioral1
Sample
ffba9b34093cb65c05224908c891b81d7ca9d09d1176f1ffc8f8c6cd9962c1ce.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ffba9b34093cb65c05224908c891b81d7ca9d09d1176f1ffc8f8c6cd9962c1ce.dll
Resource
win10v2004-20220812-en
General
Target
ffba9b34093cb65c05224908c891b81d7ca9d09d1176f1ffc8f8c6cd9962c1ce.dll
Size
40KB
MD5
9a20145e02900c64b52d91dc4155ec3d
SHA1
1dcaac38515137f06457705c52356f18a98d36e7
SHA256
ffba9b34093cb65c05224908c891b81d7ca9d09d1176f1ffc8f8c6cd9962c1ce
SHA512
2227680c6df6402890543ae6df0ddd928ee955176facfbb78d27af2acd19fabd3fade9e375a9cde8a75f8e1930dae68c7aeaf3cc6b566694e3bd89ebeb860085
SSDEEP
768:7VmrMTqYPNZ8E3Jf7bAa747EK+X+hP6NWBoR8fTH0WNZ:7VmoTZ3JfnD747d+uh8aoR6TRNZ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1032 wrote to memory of 5096 | 1032 | rundll32.exe | 80
PID 1032 wrote to memory of 5096 | 1032 | rundll32.exe | 80
PID 1032 wrote to memory of 5096 | 1032 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffba9b34093cb65c05224908c891b81d7ca9d09d1176f1ffc8f8c6cd9962c1ce.dll,#1
- Suspicious use of WriteProcessMemory
PID:1032
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffba9b34093cb65c05224908c891b81d7ca9d09d1176f1ffc8f8c6cd9962c1ce.dll,#1
PID:5096