Analysis
-
max time kernel
70s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system -
submitted
06-06-2023 19:51
Behavioral task
behavioral1
Sample
c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll
-
Size
2.5MB
-
MD5
cbf23b2a913eb6cc96c8fd72d39807e2
-
SHA1
ca3f7a691ff699b83f379f22b8563fc8749cdb27
-
SHA256
c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3
-
SHA512
a0051b9e1bdc1317cda009a0c57e287ac6496b92867fd8d1f5a90d7b9e85156c2304e3e653557f5daef62221408ab34e2e9ea470369fba5b38a9f50b454ae263
-
SSDEEP
49152:4GQFopxxPl57HyKBPsX2k3W5VbuqRvQSYKIuMIjF36MB5i/3:NQCp/HDPsGx5QWvQSYKtL5fi/
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1520 wrote to memory of 3728 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 3728 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 3728 | 1520 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c18478276d14c80395f4a04fe2dd4cdef8d89014d1bcf4cf93ed8a0c7f3efcc3.dll,#1