Analysis
max time kernel
154s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted
06/12/2022, 07:37
Behavioral task
behavioral1
Sample
c361723caf203955b5aadf5829b7b10a1339578acd53b0c572b32b771406d24e.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
c361723caf203955b5aadf5829b7b10a1339578acd53b0c572b32b771406d24e.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
Target
c361723caf203955b5aadf5829b7b10a1339578acd53b0c572b32b771406d24e.dll
Size
527KB
MD5
c104a876678932fc1b9283f803364917
SHA1
7699a6026fa91f20b0517b69a2ec17104c7546dc
SHA256
c361723caf203955b5aadf5829b7b10a1339578acd53b0c572b32b771406d24e
SHA512
cd994af4b6340584ed20393ca27ecaa86c3833760e5ad4d4834d90acae23139acf82312e283b7e2057907292a9d9a7e1a6d09ab95586ff0dc49beb3a28a24912
SSDEEP
12288:25giCwoh87b32HiJbS166CJT0rq9TsXWT1dTdxGmnO9/FF:25HCf67b32obpAu1sXWBdTH7ytF
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4524 wrote to memory of 2000 | 4524 | rundll32.exe | 81
PID 4524 wrote to memory of 2000 | 4524 | rundll32.exe | 81
PID 4524 wrote to memory of 2000 | 4524 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c361723caf203955b5aadf5829b7b10a1339578acd53b0c572b32b771406d24e.dll,#1
Suspicious use of WriteProcessMemory
PID: 4524
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c361723caf203955b5aadf5829b7b10a1339578acd53b0c572b32b771406d24e.dll,#1
  PID: 2000