Analysis
max time kernel: 61s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted: 10-02-2023 19:00
Behavioral task: behavioral1
Sample: 97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll
Resource: win10v2004-20220901-en
General
Target: 97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll
Size: 626KB
MD5: 5fc3f6a834499cde6098527f01a09951
SHA1: 56cddedbb92639acb83649f91cdb72f322a27100
SHA256: 97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f
SHA512: 73da509231e32d20f75cc0548948fbeca0a818b29f6026822c619993f8ea1f0ffc7f966912abc3dbb98ba9df1e95ecaa1e3e57876602eaab5bd10c9bba6ab069
SSDEEP: 12288:N9fD4BCMepaBzOu0e5FACJxKCM3vhETCJI/dEaxieJak9QdGf/+:3fDw5epcOu0e52vVa0etWdC/+
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2552 wrote to memory of 2416 | 2552 | rundll32.exe | rundll32.exe
PID 2552 wrote to memory of 2416 | 2552 | rundll32.exe | rundll32.exe
PID 2552 wrote to memory of 2416 | 2552 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll,#1
- Suspicious use of WriteProcessMemory
PID:2552
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll,#1
    PID:2416