8038b5562e60c6c2275e0ed0bde8d533efdca3342b916d013e8476a8adb2ca68

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 15:11

Target

8038b5562e60c6c2275e0ed0bde8d533efdca3342b916d013e8476a8adb2ca68.dll
Size

130KB
MD5

1157cafd8459b7e9551abf2f56daceb0
SHA1

61457dbc622923ac8d0e694c84ce0eac0d8f2bec
SHA256

8038b5562e60c6c2275e0ed0bde8d533efdca3342b916d013e8476a8adb2ca68
SHA512

fc32139ac09928054f24b3faf7bd1b70b0168e736abf31dbe8dc2293453c294b9a859eb16cdf142ec80944d51aab283d7145f529fb6cf3e5684e731ba369a159
SSDEEP

1536:HG2BTDlp6LteOBUtyx6rSa9Tadc7jHlK8WnVniD:m2BTR8QOIySpTccPw8WnVniD

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\29C371D9.sys	rundll32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
652	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 4356	3040	rundll32.exe	80
PID 3040 wrote to memory of 4356	3040	rundll32.exe	80
PID 3040 wrote to memory of 4356	3040	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8038b5562e60c6c2275e0ed0bde8d533efdca3342b916d013e8476a8adb2ca68.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8038b5562e60c6c2275e0ed0bde8d533efdca3342b916d013e8476a8adb2ca68.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:4356