527bc616d9b29f283443b1c2ab01e28a586e2d00b4c3e97236d81a5e38cb01a4

Analysis

max time kernel
92s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 14:38

Target

527bc616d9b29f283443b1c2ab01e28a586e2d00b4c3e97236d81a5e38cb01a4.dll
Size

158KB
MD5

623f49b6c44459080151ca0ac810b5a2
SHA1

5f6e009244db0cd71bca10a6361e745d14275b2f
SHA256

527bc616d9b29f283443b1c2ab01e28a586e2d00b4c3e97236d81a5e38cb01a4
SHA512

c7a109068389fa533e028838e7aa83f09dd775d1bacdb707ad6af4b7976a2fc8e12314f69ec5f3a4a1c8af603b525b9667b33c2ef28ac8c842ec58c4bae767e1
SSDEEP

3072:Y0RrXdStDl5C2WBKs9A6dkhDttVfO3p8oXcVVbSheZy8yL:/rXItp5RWQs9Amk1ttVfVYcS0y8

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3200	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1972 set thread context of 3200	1972	rundll32.exe	86

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1972	1368	rundll32.exe	85
PID 1368 wrote to memory of 1972	1368	rundll32.exe	85
PID 1368 wrote to memory of 1972	1368	rundll32.exe	85
PID 1972 wrote to memory of 3200	1972	rundll32.exe	86
PID 1972 wrote to memory of 3200	1972	rundll32.exe	86
PID 1972 wrote to memory of 3200	1972	rundll32.exe	86
PID 1972 wrote to memory of 3200	1972	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\527bc616d9b29f283443b1c2ab01e28a586e2d00b4c3e97236d81a5e38cb01a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\527bc616d9b29f283443b1c2ab01e28a586e2d00b4c3e97236d81a5e38cb01a4.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:3200

memory/1972-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1972-134-0x0000000001350000-0x0000000001387000-memory.dmp

Filesize
220KB

Download
memory/1972-135-0x0000000001350000-0x0000000001387000-memory.dmp

Filesize
220KB

Download
memory/1972-136-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1972-137-0x0000000001350000-0x0000000001387000-memory.dmp

Filesize
220KB

Download
memory/1972-139-0x0000000001350000-0x0000000001387000-memory.dmp

Filesize
220KB

Download