Analysis
- max time kernel: 91s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-02-2023 19:31
Behavioral task: behavioral1
- Sample: d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll
- Resource: win10v2004-20220812-en
General
- Target: d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll
- Size: 881KB
- MD5: a573cbb0d082372cb897b62ded1853ed
- SHA1: 975b72369d2daca75ac283bfd5c4aa5d9c78a11a
- SHA256: d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2
- SHA512: a90106180f1777c5a30953bb62b4ccc9d9de4661859f06d99e49707c6867636917cf40a322187b17cab39e53e5ba2e3c7aea55db9ed27f93ac5d89f30368c855
- SSDEEP: 12288:/fE/H9N0tZp973NLhnJyOES/Sc4lg82Swkn5HOzWQPE7U2Y5TWd:nw0tZp973RNJMSa3lg8p5HOzgY0d
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  description | pid | process | target process
  PID 1168 wrote to memory of 1564 | 1168 | rundll32.exe | rundll32.exe
  PID 1168 wrote to memory of 1564 | 1168 | rundll32.exe | rundll32.exe
  PID 1168 wrote to memory of 1564 | 1168 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1168
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll,#1
    PID: 1564