27969d40a785488f63cb5e83e05241968e363caaf3f7d5b0084605ab7981f4bc

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 18:04

Target

27969d40a785488f63cb5e83e05241968e363caaf3f7d5b0084605ab7981f4bc.dll
Size

221KB
MD5

9362dee8600160f02441cce157e77b49
SHA1

48381a530f40bbdb46aa069b5446c27505d2cc0a
SHA256

27969d40a785488f63cb5e83e05241968e363caaf3f7d5b0084605ab7981f4bc
SHA512

fe1f645069bf73441ec8e23098a92d50ef000836b5148f689073d4cf5804e39b1b9583936f45c385df1dbb3320c9fc174bb8a9c839f52f5858c02396836869dc
SSDEEP

3072:Zm5z5BQLhYNojhftye3CGRmDKRfJrcEwvIIRYAEuhmqA8l2s5AOgVYo8ugfkcA0K:ZThYKNtSGRm+95fIzrI9/7RcA0RA

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1212	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4024 set thread context of 1212	4024	rundll32.exe	86

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 4024	1296	rundll32.exe	84
PID 1296 wrote to memory of 4024	1296	rundll32.exe	84
PID 1296 wrote to memory of 4024	1296	rundll32.exe	84
PID 4024 wrote to memory of 1212	4024	rundll32.exe	86
PID 4024 wrote to memory of 1212	4024	rundll32.exe	86
PID 4024 wrote to memory of 1212	4024	rundll32.exe	86
PID 4024 wrote to memory of 1212	4024	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27969d40a785488f63cb5e83e05241968e363caaf3f7d5b0084605ab7981f4bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27969d40a785488f63cb5e83e05241968e363caaf3f7d5b0084605ab7981f4bc.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4024
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:1212

memory/4024-133-0x00000000009B0000-0x00000000009F0000-memory.dmp

Filesize
256KB

Download
memory/4024-134-0x00000000009B0000-0x00000000009F0000-memory.dmp

Filesize
256KB

Download
memory/4024-135-0x00000000009F0000-0x0000000000A30000-memory.dmp

Filesize
256KB

Download
memory/4024-137-0x00000000009F0000-0x0000000000A30000-memory.dmp

Filesize
256KB

Download