3e003aa720b1a9c6d93dba11cf8c9529f31bb5d93c121958cf260013960de964

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:31

Target

3e003aa720b1a9c6d93dba11cf8c9529f31bb5d93c121958cf260013960de964.dll
Size

199KB
MD5

2498290c3a3967132dc3ef4ed93bc51f
SHA1

d65c95eb852c8b02adeb78acb000554d3618ebd0
SHA256

3e003aa720b1a9c6d93dba11cf8c9529f31bb5d93c121958cf260013960de964
SHA512

fe152f1de466af5d28e794daa4e3b896e3f96c3050f9c6531ecc4bca94deb5894b97abdfd458da75b792a56b49d41243f5b86683bb2ab39300506e93e728e92f
SSDEEP

6144:Ues2vCN/D5kmUwJudgPDOZ0eQE7rBU3xp:a2CNb9JuaPDOZ0eQEOxp

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

708 cmd.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 1580 set thread context of 708 1580 rundll32.exe cmd.exe

pid	process
708	cmd.exe

description	pid	process	target process
PID 1580 set thread context of 708	1580	rundll32.exe	cmd.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4984 wrote to memory of 1580	4984	rundll32.exe	rundll32.exe
PID 4984 wrote to memory of 1580	4984	rundll32.exe	rundll32.exe
PID 4984 wrote to memory of 1580	4984	rundll32.exe	rundll32.exe
PID 1580 wrote to memory of 708	1580	rundll32.exe	cmd.exe
PID 1580 wrote to memory of 708	1580	rundll32.exe	cmd.exe
PID 1580 wrote to memory of 708	1580	rundll32.exe	cmd.exe
PID 1580 wrote to memory of 708	1580	rundll32.exe	cmd.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e003aa720b1a9c6d93dba11cf8c9529f31bb5d93c121958cf260013960de964.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
3⤵
- Deletes itself
PID:708

memory/708-136-0x0000000000000000-mapping.dmp

Download
memory/1580-132-0x0000000000000000-mapping.dmp

Download
memory/1580-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1580-134-0x0000000002BE0000-0x0000000002C6D000-memory.dmp

Filesize
564KB

Download
memory/1580-135-0x0000000002BE0000-0x0000000002C6D000-memory.dmp

Filesize
564KB

Download