Analysis
- max time kernel: 135s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-06-2023 08:44
Behavioral task
behavioral1
Sample
2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll
Resource
win10v2004-20230220-en
General
- Target: 2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll
- Size: 2.5MB
- MD5: d49591f472aa7626074aa9914d670ec1
- SHA1: e7080ecb8036303d27be9e7a87716ddc8608ab69
- SHA256: 2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806
- SHA512: 0909ba541e56f66f0c1746d4a0ec5c6905819f5c53502d1a61f6ce7465e6b8ecdb5f2b33e341e6146ac899686a82e979118ddc0f1a0103e7223b4b87595879ac
- SSDEEP: 49152:nut4E5/XZabuGc+Tto/clQQF/lovXYGl3Ou1ftgeQHcFSyRKVk73V:uLzXG1tkWTgfYGl+u1ftgeQHcXKSl
Malware Config
Signatures
-
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1872 wrote to memory of 3996 | 1872 | rundll32.exe | rundll32.exe
  PID 1872 wrote to memory of 3996 | 1872 | rundll32.exe | rundll32.exe
  PID 1872 wrote to memory of 3996 | 1872 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cafce8e661927d082f5d017824a5548ccbccdbf47ad47b712b7adf244f43806.dll,#12