Analysis
-
max time kernel
137s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
13-02-2023 20:33
Behavioral task
behavioral1
Sample
5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll
-
Size
428KB
-
MD5
ab9635ddab1654e7b423f8dae312a162
-
SHA1
74ccfd75f97718a059abd9a438555fa05e457b81
-
SHA256
5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d
-
SHA512
3c3a583dc9759280f6eb8927db31d6c44a9761bbe5de3c1cc7155b0f38ddef5e252f146cfe2f51e4f506248144677bf0a3f2bfd16cca16ca71d858c4899c6e99
-
SSDEEP
12288:c+M7dho5oq5S/V2Ig+jB5RPwHpnLP8uyl5qUc:OrQ5O2IblwHE5qUc
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 404 wrote to memory of 1108 | 404 | rundll32.exe | rundll32.exe
PID 404 wrote to memory of 1108 | 404 | rundll32.exe | rundll32.exe
PID 404 wrote to memory of 1108 | 404 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:404 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll,#12⤵
PID:1108