5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 00:04

Target

5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43.dll
Size

948KB
MD5

0c55b586059ea7c208413bbba7444090
SHA1

5422c90edb8e0d81cf9b275b63aa3e88170d988c
SHA256

5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43
SHA512

42343bb9327d9588cccc1c3bcc4a51d64e7c3e20647481cb12721aa2e5064bf8e9e7424c3e3dd4d6f5407ecc2e809aa4ee4117682e6d85b980655e40b4fee6fb
SSDEEP

24576:NrO0rAD0cfsgxKq8jQs4h5G/BGinTgyf:J3uJEV0nv+BGAV

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\Drivers\etc\hosts	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 4440	4064	rundll32.exe	78
PID 4064 wrote to memory of 4440	4064	rundll32.exe	78
PID 4064 wrote to memory of 4440	4064	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e74912a2f6b773e7fc59aea90673993bb5dc9fb53a71482f2aea538f614eb43.dll,#1
  2⤵
  - Drops file in Drivers directory
  PID:4440

memory/4440-133-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download