98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66

Analysis

max time kernel
181s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:35

Target

98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66.dll
Size

192KB
MD5

02846e0a68a421ab6c4d458ebf2b12f2
SHA1

ba6ca8713e216dee8bfe701de8a4e1a11f767aa0
SHA256

98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66
SHA512

7682fd583b38f1e721df76b576b13ec79be21cacb7f3737f560641ce342abe2365ad9231ed28fffe00fa42715ced82704e3cd2b92ce40bde0018cdc69675a0cd
SSDEEP

3072:e8mUVavyjhib2g7yj4zug7UMIahFJeMR4pJajIAF0QM58yN4BTFhN1wweTqCYei:e+j+f7yj4SgxteMR6a3F5u8yN4dF7oq/

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

3616 cmd.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 4152 set thread context of 3616 4152 rundll32.exe cmd.exe

pid	process
3616	cmd.exe

description	pid	process	target process
PID 4152 set thread context of 3616	4152	rundll32.exe	cmd.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4148 wrote to memory of 4152	4148	rundll32.exe	rundll32.exe
PID 4148 wrote to memory of 4152	4148	rundll32.exe	rundll32.exe
PID 4148 wrote to memory of 4152	4148	rundll32.exe	rundll32.exe
PID 4152 wrote to memory of 3616	4152	rundll32.exe	cmd.exe
PID 4152 wrote to memory of 3616	4152	rundll32.exe	cmd.exe
PID 4152 wrote to memory of 3616	4152	rundll32.exe	cmd.exe
PID 4152 wrote to memory of 3616	4152	rundll32.exe	cmd.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98bc4479facf497d3225d445b1804c3d9cda25d2c9ed8eb15e86d8a3cb1e0b66.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4148

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
3⤵
- Deletes itself
PID:3616

memory/3616-136-0x0000000000000000-mapping.dmp

Download
memory/4152-132-0x0000000000000000-mapping.dmp

Download
memory/4152-133-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4152-134-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4152-135-0x0000000000930000-0x0000000000964000-memory.dmp

Filesize
208KB

Download
memory/4152-137-0x0000000000930000-0x0000000000964000-memory.dmp

Filesize
208KB

Download