2fda0b8b039b7d39b041ba6f3fe3544c9fdc5fe2ffe5241a48b0255bd870f76b

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18/09/2022, 23:33

Target

2fda0b8b039b7d39b041ba6f3fe3544c9fdc5fe2ffe5241a48b0255bd870f76b.dll
Size

176KB
MD5

cf52f5a7e167266c9ae949ae2cf833dc
SHA1

edda735675ab7c57ad7b9769c362ec41156e05e1
SHA256

2fda0b8b039b7d39b041ba6f3fe3544c9fdc5fe2ffe5241a48b0255bd870f76b
SHA512

a0ba4040c6722e595e552e6f770f25aaefe84e7e0543081ae3e20634210be2a82dee9abf01ff68f61a0324cc07697bcaaa5794c365006d067de9b130a51e35f3
SSDEEP

3072:Gl/LDLVK3eyVuez9g19DYz+sFUAHILmbTElIC7vlaDOb2pAQq6miO6WsNL:GljDLV+ewx95ciILmPlC7t6Ob2py6mi6

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
872	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27
PID 564 wrote to memory of 872	564	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fda0b8b039b7d39b041ba6f3fe3544c9fdc5fe2ffe5241a48b0255bd870f76b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fda0b8b039b7d39b041ba6f3fe3544c9fdc5fe2ffe5241a48b0255bd870f76b.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:872

memory/872-55-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000010000000-0x0000000010071000-memory.dmp

Filesize
452KB

Download
memory/872-57-0x0000000010000000-0x0000000010071000-memory.dmp

Filesize
452KB

Download