694263e33e92ea1980595ce3972f1c0427196718ddda3fa294d78e1e8859ba18

Analysis

max time kernel
159s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 14:03

Target

694263e33e92ea1980595ce3972f1c0427196718ddda3fa294d78e1e8859ba18.dll
Size

192KB
MD5

931d7f8b55d9c396a1c22924b5821206
SHA1

0d4120f2c3a432cb18be402cd083cb739c7966d4
SHA256

694263e33e92ea1980595ce3972f1c0427196718ddda3fa294d78e1e8859ba18
SHA512

b47da060fe1fc7feeaf605fcd258c6ac8d8ad77826718aff555665f2d4445fcb5cb30e9126cc1ac640e349a25469a82df94cefac14fbdcae82a4e503914d0ff2
SSDEEP

3072:eQ6Uu8bnNO6BhPQ67u+1DSfhn5eMzo0RRpAxzoyFRID3KkmwZ+t+CyKsk3p:w78rkg5Q+u+1y9z/OFoyFCDmwZm

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3544	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 776 set thread context of 3544	776	rundll32.exe	82

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 776	4208	rundll32.exe	81
PID 4208 wrote to memory of 776	4208	rundll32.exe	81
PID 4208 wrote to memory of 776	4208	rundll32.exe	81
PID 776 wrote to memory of 3544	776	rundll32.exe	82
PID 776 wrote to memory of 3544	776	rundll32.exe	82
PID 776 wrote to memory of 3544	776	rundll32.exe	82
PID 776 wrote to memory of 3544	776	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\694263e33e92ea1980595ce3972f1c0427196718ddda3fa294d78e1e8859ba18.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\694263e33e92ea1980595ce3972f1c0427196718ddda3fa294d78e1e8859ba18.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:776
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:3544

memory/776-134-0x0000000000C32000-0x0000000000C58000-memory.dmp

Filesize
152KB

Download