Analysis
- max time kernel: 143s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-05-2023 02:00
Behavioral task: behavioral1
- Sample: 05700af880832d071523fe1de6e3cb303e9149a65d3c3354d5762d6baa6068f3.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 05700af880832d071523fe1de6e3cb303e9149a65d3c3354d5762d6baa6068f3.dll
- Resource: win10v2004-20230220-en
General
- Target: 05700af880832d071523fe1de6e3cb303e9149a65d3c3354d5762d6baa6068f3.dll
- Size: 1.1MB
- MD5: bea3bb0c0781e7e65f02a5772278ee05
- SHA1: d417b4029f5c4dc8c19261eba9a03e67af1f60f9
- SHA256: 05700af880832d071523fe1de6e3cb303e9149a65d3c3354d5762d6baa6068f3
- SHA512: b7b9d26c8af11b20290018280d501027d1f0a7bdaeec8d158a290c1ab86bfea1b00ee584276288ad3f08993f8ac75068efb636a59a6dcec3271c6b6f4bfd1338
- SSDEEP: 24576:zgBR6GDSApRRK812sPHYXjzsG/lSYTU8Lik36ecmcZc2iwE9eaHENS:d2SApRUI5vYXjzsG/ZTU8X1cmc5gEs
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1096 wrote to memory of 5052 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 5052 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 5052 | 1096 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05700af880832d071523fe1de6e3cb303e9149a65d3c3354d5762d6baa6068f3.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05700af880832d071523fe1de6e3cb303e9149a65d3c3354d5762d6baa6068f3.dll,#12⤵