90ed5e2a8c40d8a3d930043baa76b4ef4e76cdf04a98c888362bbb3f4852fe9f

Analysis

max time kernel
138s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 03:51

Target

90ed5e2a8c40d8a3d930043baa76b4ef4e76cdf04a98c888362bbb3f4852fe9f.dll
Size

311KB
MD5

589f99630d43542d01b4fff8faa47b70
SHA1

887f7bb26b60cc5e3bd726cdfaa8283607c63d17
SHA256

90ed5e2a8c40d8a3d930043baa76b4ef4e76cdf04a98c888362bbb3f4852fe9f
SHA512

d27891a8e16a5a3319e61e7f44176e502c37fa8503349e39a5305be89bf917bde3f2a30d38a9b3a23d8aad31f39668f764cb4bb420134c528357889bf172502c
SSDEEP

6144:h9P1dpyl/RFOlC19Sp6P4v8eNrs/BpoIP3:haJFuA9zD/B26

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2496	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 2496	4828	rundll32.exe	83
PID 4828 wrote to memory of 2496	4828	rundll32.exe	83
PID 4828 wrote to memory of 2496	4828	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90ed5e2a8c40d8a3d930043baa76b4ef4e76cdf04a98c888362bbb3f4852fe9f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90ed5e2a8c40d8a3d930043baa76b4ef4e76cdf04a98c888362bbb3f4852fe9f.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2496

memory/2496-132-0x0000000000000000-mapping.dmp

Download
memory/2496-133-0x0000000074CF0000-0x0000000074D46000-memory.dmp

Filesize
344KB

Download