3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa

Analysis

max time kernel
138s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:34

Target

3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa.dll
Size

186KB
MD5

94eea943f35df0b59477825210e21d9e
SHA1

1c936b6fc359cdd7dd5d8f93652e7b8dd468d46e
SHA256

3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa
SHA512

f125c1101de54394887c7f13dfb06d538a5ef7e7e4136cbd7b38b63ae4e4c813b30c58517d6dc3dfb2aa584680df114bad78283767c58dc99ae7953c65c6c26a
SSDEEP

3072:wnhMMckC7W2oHLu+B2AHAsDImVe0ucjzkBeM/RFCh+Rz7NdO3rJRWljmlnKrs4HH:wKWCq2oHLuQHAsDRVjJEX/RFCh+Rz7Ny

Score

7^/10

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

552 cmd.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 5092 set thread context of 552 5092 rundll32.exe cmd.exe

pid	process
552	cmd.exe

description	pid	process	target process
PID 5092 set thread context of 552	5092	rundll32.exe	cmd.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2424 wrote to memory of 5092	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 5092	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 5092	2424	rundll32.exe	rundll32.exe
PID 5092 wrote to memory of 552	5092	rundll32.exe	cmd.exe
PID 5092 wrote to memory of 552	5092	rundll32.exe	cmd.exe
PID 5092 wrote to memory of 552	5092	rundll32.exe	cmd.exe
PID 5092 wrote to memory of 552	5092	rundll32.exe	cmd.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3984236c1cb4fd6976840946cfae424b69c6345714ee99deae2dff75583787fa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe"
3⤵
- Deletes itself
PID:552

memory/552-136-0x0000000000000000-mapping.dmp

Download
memory/5092-132-0x0000000000000000-mapping.dmp

Download
memory/5092-133-0x0000000000FA0000-0x0000000000FD2000-memory.dmp

Filesize
200KB

Download
memory/5092-134-0x0000000000FA0000-0x0000000000FD2000-memory.dmp

Filesize
200KB

Download
memory/5092-135-0x0000000000FE0000-0x0000000001012000-memory.dmp

Filesize
200KB

Download
memory/5092-137-0x0000000000FE0000-0x0000000001012000-memory.dmp

Filesize
200KB

Download