Analysis
max time kernel: 165s
max time network: 187s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-12-2022 01:26
Behavioral task: behavioral1
Sample: cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll
Resource: win7-20220812-en (windows7-x64)
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll
Resource: win10v2004-20220812-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll
Size: 74KB
MD5: 0c5b62905998b85fce215194403e589d
SHA1: 5fda14a4017bbe9f73eeb99c92956f4f711f637d
SHA256: cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77
SHA512: 70d89b6d8e0f25dae2d2260eaf54f65f41175ffa66bfd4cf3e4d3f25c9ad03f7c56a7a748ca675e77d852ecbf4e5ec05d4734cbb6c8d58a487d440c366f28fbe
SSDEEP: 1536:EGWN9q2qo5jvy8aYgXP3xMhlHWi3ftVuwde7Kh2:EGi9xqwG5YgXP3ckiPt4ie7K8
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2528 wrote to memory of 2560 | 2528 | rundll32.exe | 80
PID 2528 wrote to memory of 2560 | 2528 | rundll32.exe | 80
PID 2528 wrote to memory of 2560 | 2528 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2528
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll,#12⤵
PID:2560