4cad52223010ee1b8fee80167d5551e4bdb388c0ea1e19fa829618d8ad2ab3cc

Analysis

max time kernel
24s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 12:30

Target

4cad52223010ee1b8fee80167d5551e4bdb388c0ea1e19fa829618d8ad2ab3cc.dll
Size

456KB
MD5

a1741f907668ae7e4ed06f9a04ee8756
SHA1

7dcc1a700e5951194c97fd2c7026d05c6445f709
SHA256

4cad52223010ee1b8fee80167d5551e4bdb388c0ea1e19fa829618d8ad2ab3cc
SHA512

6ce28e485ef576bfb2cab6eaa353622a3041bc74e14b337577dad36a92a17c13cda710640596732fc547a19a26c14b0d194ad7fabe4673e211a98ec6797a20d2
SSDEEP

12288:eGO0o+qR9f7RxnwIb79NLEkmCNbM5QVFf+kKsEfwE:tOPh7RffLxJM5mfYdf

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1892	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cad52223010ee1b8fee80167d5551e4bdb388c0ea1e19fa829618d8ad2ab3cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cad52223010ee1b8fee80167d5551e4bdb388c0ea1e19fa829618d8ad2ab3cc.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1892

memory/1892-54-0x0000000000000000-mapping.dmp

Download
memory/1892-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download
memory/1892-56-0x0000000010000000-0x0000000010075000-memory.dmp

Filesize
468KB

Download