af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 06:59

Target

af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303.dll
Size

136KB
MD5

6ae346ab1205b9a73d8292ccd681e0f0
SHA1

b9b4a131d002c5b26ee418e0cac933c55c4886df
SHA256

af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303
SHA512

9b7589486d71be5ee5b71f5d9c58c9039800314c7d6b44874f584539539a0a47fed766695447ff5819ce05694f16ca7f3b16afbc942e8709f98cc8f942b83e4d
SSDEEP

3072:5qR+5SiBLeygpAVtivMq7QHNIrKyW6qxESe:5JSiBLDgpYtUMAQHNIrjd

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2236	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4088 set thread context of 2236	4088	rundll32.exe	82

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4088	3812	rundll32.exe	81
PID 3812 wrote to memory of 4088	3812	rundll32.exe	81
PID 3812 wrote to memory of 4088	3812	rundll32.exe	81
PID 4088 wrote to memory of 2236	4088	rundll32.exe	82
PID 4088 wrote to memory of 2236	4088	rundll32.exe	82
PID 4088 wrote to memory of 2236	4088	rundll32.exe	82
PID 4088 wrote to memory of 2236	4088	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af0e940417da8cdaab23b784b9d918b0343576e8ad976cf3a88cf8f33edee303.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4088
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:2236

memory/4088-134-0x00000000007F0000-0x0000000000827000-memory.dmp

Filesize
220KB

Download
memory/4088-135-0x00000000007F0000-0x0000000000827000-memory.dmp

Filesize
220KB

Download