Analysis
- max time kernel: 90s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-01-2023 01:57
Static task
static1
Behavioral task
behavioral1
Sample
fbf183552d7edf8226f1a41c51e3bf90afd5d4e519f4a8088a153fb300fd7681.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
- Target: fbf183552d7edf8226f1a41c51e3bf90afd5d4e519f4a8088a153fb300fd7681.dll
- Size: 526KB
- MD5: 51e8157abf646d4f2938208509a91960
- SHA1: 485de69d342bf1f65fc7c17f512faee487092976
- SHA256: fbf183552d7edf8226f1a41c51e3bf90afd5d4e519f4a8088a153fb300fd7681
- SHA512: f99a128199d0c363a9eb65488e71f8e9f234a079a7b659c5e9d077f31077a624f583d60150a59eaebfa6bef67194cbc334f74dcdfacffc65d10f37051343f09b
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0Y:jDgtfRQUHPw06MoV2nwTBlhm8Q
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 5068 wrote to memory of 2536    5068   rundll32.exe   58
  PID 5068 wrote to memory of 2536    5068   rundll32.exe   58
  PID 5068 wrote to memory of 2536    5068   rundll32.exe   58
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbf183552d7edf8226f1a41c51e3bf90afd5d4e519f4a8088a153fb300fd7681.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 5068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbf183552d7edf8226f1a41c51e3bf90afd5d4e519f4a8088a153fb300fd7681.dll,#12⤵
  PID: 2536