96c79780957f7a578c36e08190a67af62bbcac91867fcdadd6406132b53cebc0

Analysis

max time kernel
159s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 12:08

Target

96c79780957f7a578c36e08190a67af62bbcac91867fcdadd6406132b53cebc0.dll
Size

228KB
MD5

20e150ae2a2ab17b8d7357e1dbf94bdd
SHA1

5fd984e31b7297374f7dd44c81ef6fd5f3b2ede0
SHA256

96c79780957f7a578c36e08190a67af62bbcac91867fcdadd6406132b53cebc0
SHA512

c711723b6ee8e66755cdd91bfc37538e1bf19290b8114ec0e35c32f6fba8cddb0bae0bba25bccf70b03031a2758d690f10374a0768e46d66da3a5cfd6b089b27
SSDEEP

3072:ZdcQ2ZNMSQvbajUTUItjT68+xQaaYujJpMvDHU:ZATSOjUQKTRYvbU

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
448	rundll32mgr.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4860	4948	rundll32.exe	83
PID 4948 wrote to memory of 4860	4948	rundll32.exe	83
PID 4948 wrote to memory of 4860	4948	rundll32.exe	83
PID 4860 wrote to memory of 448	4860	rundll32.exe	84
PID 4860 wrote to memory of 448	4860	rundll32.exe	84
PID 4860 wrote to memory of 448	4860	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96c79780957f7a578c36e08190a67af62bbcac91867fcdadd6406132b53cebc0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96c79780957f7a578c36e08190a67af62bbcac91867fcdadd6406132b53cebc0.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4860
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    PID:448

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
76KB

MD5
2e7df5ae9dcabe137166989493d996a9

SHA1
00a2f1abd5480d5e23bf512a8ee37aa842f69b54

SHA256
4c53f34aa96dc64de964e0f440218ea918b4ac56576323edb4626b17265bd8ef

SHA512
38bbc02e1767a8337ce53c73c637d4d9ec883d9f966dff26fb92ecda6d56646166deb5836a7edfd43725408f2e31f07935dbfaf726e6ea77c64ade18bad42d8f

Download Submit
memory/448-134-0x0000000000000000-mapping.dmp

Download
memory/4860-132-0x0000000000000000-mapping.dmp

Download
memory/4860-133-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download