Analysis
- max time kernel: 80s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/04/2023, 13:55
Behavioral task: behavioral1
- Sample: C/ProgramData/Sentinel/AFUCache/926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: C/ProgramData/Sentinel/AFUCache/926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll
- Resource: win10v2004-20230220-en
General
- Target: C/ProgramData/Sentinel/AFUCache/926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll
- Size: 7KB
- MD5: 1957deed26c7f157cedcbdae3c565cff
- SHA1: be9e23e56c4a25a8ea453c093714eed5e36c66d0
- SHA256: 926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732
- SHA512: 324e714e99c36786f13dc408882a89b41fce1d76be7b828c93561a7ecb780030274c253e1c50322e09916ce4d4793cd61ae75b5e116e4e90f01232f2f29d5270
- SSDEEP: 96:WCu0DE8Z7wtZfAy/ytanQgKM4odWSNWlph8GWLIru:9Eik9AyGaQgHbdonWau
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  flow | pid  | Process
  16   | 2932 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       | pid  | Process      | procid_target
  PID 1628 wrote to memory of 2932  | 1628 | rundll32.exe | 58
  PID 1628 wrote to memory of 2932  | 1628 | rundll32.exe | 58
  PID 1628 wrote to memory of 2932  | 1628 | rundll32.exe | 58
Processes
- C:\Windows\system32\rundll32.exe (PID 1628)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 2932, child of PID 1628)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache\926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll,#1
    Signatures: Blocklisted process makes network request
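The process tree above is the usual shape for a 32-bit DLL handed to the 64-bit rundll32.exe: the System32 copy re-launches the SysWOW64 copy with the same command line, and the parent-to-child WriteProcessMemory hits are consistent with that relaunch rather than with injection into an unrelated process. What is worth alerting on is the combination the report shows: rundll32 loading a DLL by ordinal (`,#1`) from a user-writable path under AppData\Local\Temp, and that same process then making a network connection. The following Python is an added example (not part of the sandbox report or any vendor tool) of that detection logic run over constructed Sysmon-style events. The PIDs, image paths, DLL path and ordinal are taken from the report; the event field layout, the parent of PID 1628, the benign control process and the destination address are assumptions made for the example.

```python
"""Flag rundll32 invocations that load a DLL from outside the Windows directory
and then make a network connection, matching the sandbox process tree above."""
import re

# Constructed Sysmon-style events modelled on the report. PIDs, image paths,
# the DLL path and the ",#1" ordinal export come from the report; the parent of
# PID 1628, the benign control (PID 3100) and the destination are assumptions.
DLL = (r"C:\Users\Admin\AppData\Local\Temp\C\ProgramData\Sentinel\AFUCache"
       r"\926fcb9483faa39dd93c8442e43af9285844a1fbbe493f3e4731bbbaecffb732.dll")
EVENTS = [
    {"event": "ProcessCreate", "pid": 1628, "ppid": 4000,
     "image": r"C:\Windows\system32\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"event": "ProcessCreate", "pid": 2932, "ppid": 1628,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"event": "NetworkConnect", "pid": 2932,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "dst": "203.0.113.10:443"},
    # Benign control: a system DLL loaded by export name, no network activity.
    {"event": "ProcessCreate", "pid": 3100, "ppid": 900,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"},
]

RUNDLL32_RE = re.compile(
    r'^\s*(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+'  # rundll32 image
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^\s,]+))'                       # DLL, quoted or bare
    r'\s*,\s*(?P<entry>\S+)',                                       # export name or #ordinal
    re.IGNORECASE)


def parse_rundll32_cmdline(cmdline):
    """Return (dll_path, entry) for a rundll32 'dll,entry' command line, else None."""
    m = RUNDLL32_RE.match(cmdline)
    if not m:
        return None
    return (m.group("qdll") or m.group("dll"), m.group("entry"))


def is_rundll32(image):
    # Split on either separator so the check also works when run off-Windows.
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower() == "rundll32.exe"


def outside_windows_dir(path):
    # Anything not under C:\Windows is treated as user-writable for this example
    # (AppData\Local\Temp, ProgramData, Users, ...).
    return not path.replace("/", "\\").lower().startswith("c:\\windows\\")


def detect(events):
    """Return {pid: {"image", "reasons"}} for rundll32 processes worth a look."""
    procs = {}
    for ev in events:
        if ev["event"] != "ProcessCreate" or not is_rundll32(ev["image"]):
            continue
        parsed = parse_rundll32_cmdline(ev["cmdline"])
        if not parsed:
            continue
        dll, entry = parsed
        reasons = []
        if outside_windows_dir(dll):
            reasons.append("dll_outside_windows_dir")
        if entry.startswith("#"):
            reasons.append("export_by_ordinal")
        if ev["ppid"] in procs:
            # A flagged rundll32 spawning another rundll32 with the same DLL is
            # the 64-bit -> SysWOW64 relaunch; record it to tie the two PIDs.
            reasons.append("parent_rundll32_pid_%d" % ev["ppid"])
        if reasons:
            procs[ev["pid"]] = {"image": ev["image"], "reasons": reasons}
    # Network activity from a flagged rundll32 is the escalating signal.
    for ev in events:
        if ev["event"] == "NetworkConnect" and ev["pid"] in procs:
            procs[ev["pid"]]["reasons"].append("network_connect:" + ev["dst"])
    return procs


if __name__ == "__main__":
    for pid, hit in detect(EVENTS).items():
        print(pid, hit["image"], ", ".join(hit["reasons"]))
```

Run as-is it reports both rundll32 PIDs and leaves the shell32.dll control alone; the SysWOW64 child carries the network reason, which is where an analyst should start. Treating the DLL path rather than the rundll32 image as the trust boundary matters here: both images are legitimate, signed Windows binaries, and only the command line shows that the code being executed lives in Temp.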