Analysis
max time kernel: 151s
max time network: 187s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/12/2022, 01:58
Behavioral task: behavioral1
Sample: b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll
Resource: win7-20221111-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll
Resource: win10v2004-20221111-en
1 signatures
150 seconds
General
Target: b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll
Size: 118KB
MD5: 67559a205b06a4a2cfae190537a6de20
SHA1: 877a1e066b4419b41a58fd02f4da4c96d2e850c0
SHA256: b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c
SHA512: d355e30a9dbbc846572a5856caa0b0b84e3b91bbc66ac77fb8bee760f4723bc3acd1434b89987a7d9469aab452a687bcd3a687b5bc801025d092aab722aef584
SSDEEP: 3072:+DAX6MA0YlhvNbw9OXRZcRSoLydoPfZYIBUTNo:KAXXilwQZQrLyiPRYIBko
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 1276 wrote to memory of 2808  1276  rundll32.exe  83
PID 1276 wrote to memory of 2808  1276  rundll32.exe  83
PID 1276 wrote to memory of 2808  1276  rundll32.exe  83
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll,#1
  PID: 1276
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll,#1
    PID: 2808