Analysis
-
max time kernel
99s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system -
submitted
01-04-2023 18:52
Behavioral task
behavioral1
Sample
f4c019bce13185cda92d1422bae151a53185e04ba55c2cbfa9ef2ea7bafc20ca.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
f4c019bce13185cda92d1422bae151a53185e04ba55c2cbfa9ef2ea7bafc20ca.dll
Resource
win10v2004-20230221-en
1 signatures
150 seconds
General
-
Target
f4c019bce13185cda92d1422bae151a53185e04ba55c2cbfa9ef2ea7bafc20ca.dll
-
Size
92KB
-
MD5
ff7b60df0b479bd5e8313ce1798ad9e5
-
SHA1
dfa1b46c15183512759447c315b08adea2add035
-
SHA256
f4c019bce13185cda92d1422bae151a53185e04ba55c2cbfa9ef2ea7bafc20ca
-
SHA512
f26f46c4e9bd5c28da6e81008201a7fe3ac1dcf3c2d11e73ee7aa5b890379b5364b00eda110523ec67175bbcd1c9507ff7762f3d803e4f8d4eb2f7af6c2679a8
-
SSDEEP
1536:UY0LN/97My208fPwzCVNb47AL/ewI9Zk11npQtWeW90i:YN/9M5fPwXAL/e5jWNpQrY0i
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2924 wrote to memory of 464 | 2924 | rundll32.exe | rundll32.exe
PID 2924 wrote to memory of 464 | 2924 | rundll32.exe | rundll32.exe
PID 2924 wrote to memory of 464 | 2924 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4c019bce13185cda92d1422bae151a53185e04ba55c2cbfa9ef2ea7bafc20ca.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f4c019bce13185cda92d1422bae151a53185e04ba55c2cbfa9ef2ea7bafc20ca.dll,#12