Analysis
max time kernel: 141s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-11-2023 13:02

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: config.cpl.dll
  Resource: win7-20231023-en
  3 signatures, 150 seconds
General
Target: config.cpl.dll
Size: 1.6MB
MD5: 509b68725e595b30fb2f38c8ea2cf9c4
SHA1: 1aff17b87ff213c1a8f4c8cfe48782e636b6fb32
SHA256: 4dae3b84eeb5e36c144f9fad2f2b06d9e82381cda6b1f043033cf3644f339558
SHA512: dc7a8e6404c3b1e2600c16c66ed023e6e5f7010efa96fa2c4c5abf8fe4a8c4847abd133a1198d4bb12224c93d4ede1ef1dfe1c6c584749160e9beff2a1585389
SSDEEP: 24576:ejhyCJxQWOSUua9BgsID7yByhWjqcRE4ff6ySznNvWGYbjWfExlpaheDtg3UUag7:GfzUua9h9ERznNeXHWfExzmPLnvh6
Malware Config
Extracted
Family: systembc
C2: 62.173.140.37:4001

Signatures
Blocklisted process makes network request (1 IoC)
  process        flow  pid
  rundll32.exe   60    1608

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process       target process
  PID 4264 wrote to memory of 1608  4264  rundll32.exe  rundll32.exe
  (three WriteProcessMemory IoCs recorded, all from PID 4264 into PID 1608)
Processes
1. C:\Windows\system32\rundll32.exe (PID 4264)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\config.cpl.dll,#1
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 1608), child of PID 4264
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\config.cpl.dll,#1
      signatures: Blocklisted process makes network request

Reading the tree: both processes invoke the DLL by export ordinal (",#1"). The parent is the 64-bit rundll32 from system32 and the child is the 32-bit (WOW64) rundll32 from SysWOW64 with the identical command line, which is what rundll32 does on 64-bit Windows when handed a 32-bit DLL (the resource tags list both arch:x64 and arch:x86). The child, PID 1608, is the process behind the flagged network request (flow 60) to the extracted C2, and it is the target of the three WriteProcessMemory calls from PID 4264.
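The following is an added detection example and is not part of the sandbox report. It turns the behaviour recorded above into rules (rundll32 loading a DLL from the user's Temp directory by export ordinal, rundll32 spawning a second rundll32 with the same DLL argument, and that child connecting to the extracted C2) and runs them over constructed Sysmon-style events. The PIDs, image paths, command lines and C2 endpoint come from the report; the event dictionaries, their field names, PIDs 3012 and 5000, and the 13.107.4.50:443 connection are this example's own assumptions, added as benign noise.

```python
import ntpath
from collections import defaultdict

# IOC taken from the Malware Config section of the report.
C2_IP, C2_PORT = "62.173.140.37", 4001

# Constructed events modelled on Sysmon Event ID 1 (process create) and
# Event ID 3 (network connect). Field names are this example's own shorthand,
# not Sysmon's exact schema. PIDs 4264/1608, images and command lines follow
# the report; PIDs 3012 and 5000 and the 13.107.4.50 connection are invented.
EVENTS = [
    {"id": 1, "pid": 4264, "ppid": 3012,
     "image": r"C:\Windows\system32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\config.cpl.dll,#1"},
    {"id": 1, "pid": 1608, "ppid": 4264,
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "parent_image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\config.cpl.dll,#1"},
    {"id": 3, "pid": 1608, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "dst_ip": "62.173.140.37", "dst_port": 4001},
    {"id": 1, "pid": 5000, "ppid": 3012,
     "image": r"C:\Windows\system32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"id": 3, "pid": 5000, "image": r"C:\Windows\system32\rundll32.exe",
     "dst_ip": "13.107.4.50", "dst_port": 443},
]


def basename(path):
    """Case-folded file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def dll_arg(cmdline):
    """DLL path rundll32 was asked to load: the first argument up to the comma
    that separates it from the entry point (name or #ordinal). None if absent."""
    parts = cmdline.split(None, 1)
    if len(parts) < 2:
        return None
    return parts[1].split(",", 1)[0].strip('"')


def rule_rundll32_temp_dll(ev, procs):
    """rundll32 loading a DLL from the user's Temp directory by export ordinal."""
    if ev["id"] != 1 or basename(ev["image"]) != "rundll32.exe":
        return False
    dll = dll_arg(ev["cmdline"])
    return bool(dll) and "\\appdata\\local\\temp\\" in dll.lower() and ",#" in ev["cmdline"]


def rule_rundll32_spawns_rundll32(ev, procs):
    """rundll32 whose parent is also rundll32 with the same DLL argument: the
    system32 -> SysWOW64 handoff shown in the report's process tree."""
    if ev["id"] != 1 or basename(ev["image"]) != "rundll32.exe":
        return False
    parent = procs.get(ev["ppid"])
    if parent is None or basename(parent["image"]) != "rundll32.exe":
        return False
    mine, theirs = dll_arg(ev["cmdline"]), dll_arg(parent["cmdline"])
    return mine is not None and theirs is not None and mine.lower() == theirs.lower()


def rule_c2_connection(ev, procs):
    """Outbound connection to the C2 endpoint extracted from the sample."""
    return ev["id"] == 3 and ev["dst_ip"] == C2_IP and ev["dst_port"] == C2_PORT


RULES = (rule_rundll32_temp_dll, rule_rundll32_spawns_rundll32, rule_c2_connection)


def detect(events):
    """Run every rule over every event and correlate hits by PID.

    Returns {pid: sorted rule names} for PIDs with at least one hit. A C2 hit on
    a process that already tripped one of the rundll32 process rules gets the
    extra tag 'c2_from_suspicious_rundll32', the combination worth paging on."""
    procs = {ev["pid"]: ev for ev in events if ev["id"] == 1}
    hits = defaultdict(set)
    for ev in events:
        for rule in RULES:
            if rule(ev, procs):
                hits[ev["pid"]].add(rule.__name__)
    process_rules = {"rule_rundll32_temp_dll", "rule_rundll32_spawns_rundll32"}
    for names in hits.values():
        if "rule_c2_connection" in names and names & process_rules:
            names.add("c2_from_suspicious_rundll32")
    return {pid: sorted(names) for pid, names in hits.items()}


if __name__ == "__main__":
    for pid, names in sorted(detect(EVENTS).items()):
        print(pid, ", ".join(names))
```

Run stand-alone, the block reports PID 4264 on the Temp-DLL rule alone and PID 1608 on all three rules plus the correlated tag, while the benign rundll32 (PID 5000) stays quiet. The IP:port rule is the brittle part: a C2 address is campaign-specific and goes stale, whereas the two process rules describe how this sample was run and will keep matching after the infrastructure changes. The WriteProcessMemory signature is not modelled because Sysmon does not log that API directly; ProcessAccess (Event ID 10) with write rights from one rundll32 to another is the nearest telemetry to build on.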