8e1b2d0c83cb245f3b9a2c9a132c903238c195d8647cf184bfe5e1aaaef4d0cf

Analysis

max time kernel
252s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:42

Target

8e1b2d0c83cb245f3b9a2c9a132c903238c195d8647cf184bfe5e1aaaef4d0cf.dll
Size

1.0MB
MD5

48c578a91e7799c04f4675de7b6ee894
SHA1

01102e1d67e1549f901864aed74fdc1d5373fb57
SHA256

8e1b2d0c83cb245f3b9a2c9a132c903238c195d8647cf184bfe5e1aaaef4d0cf
SHA512

51cfee8a028d7aee69fc1804671ce97ab61db195e75fb3d8a568a44685fd1ae39d81037674aa915f75aa5ce21cfdebef035a01e13c6e1b9a85b18706521db38e
SSDEEP

24576:jFFdTNVECiERXHdd4F43ReUZwTewvvcvupMo/MtB8Sl+amm:XPpYtTewvvcv8MgM8Sl+amm

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1008 set thread context of 2860	1008	rundll32.exe	83

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 1008	1296	rundll32.exe	82
PID 1296 wrote to memory of 1008	1296	rundll32.exe	82
PID 1296 wrote to memory of 1008	1296	rundll32.exe	82
PID 1008 wrote to memory of 2860	1008	rundll32.exe	83
PID 1008 wrote to memory of 2860	1008	rundll32.exe	83
PID 1008 wrote to memory of 2860	1008	rundll32.exe	83
PID 1008 wrote to memory of 2860	1008	rundll32.exe	83
PID 1008 wrote to memory of 2860	1008	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e1b2d0c83cb245f3b9a2c9a132c903238c195d8647cf184bfe5e1aaaef4d0cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e1b2d0c83cb245f3b9a2c9a132c903238c195d8647cf184bfe5e1aaaef4d0cf.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1008
- - C:\Windows\SysWOW64\svchost.exe
    "C:\Windows\system32\svchost.exe"
    3⤵
    PID:2860

C:\Users\Admin\AppData\Local\Temp\image.gif

Filesize
1KB

MD5
36fe25c4c9e4cec82390f4c6fb6e2656

SHA1
9fc8b7670d46413d2be1fba54d71c2060f8fd638

SHA256
87b2485281b1ffaffde5ff9a0556d94979823759b7056601c7367c9d891ee02a

SHA512
72578d87455e8448c7842be6a2adf887a97b75eca6484a4d1ab75241bf5b2754a5c9379c3f5cdc936dbdfb690326e3b04f589b7887b391c0e70db31a13a49b7b

Download Submit
memory/1008-133-0x0000000000720000-0x000000000082A000-memory.dmp

Filesize
1.0MB

Download
memory/2860-135-0x0000000008C60000-0x0000000008CBF000-memory.dmp

Filesize
380KB

Download
memory/2860-136-0x0000000008C60000-0x0000000008CBF000-memory.dmp

Filesize
380KB

Download
memory/2860-137-0x0000000008C60000-0x0000000008CBF000-memory.dmp

Filesize
380KB

Download
memory/2860-139-0x0000000008C60000-0x0000000008CBF000-memory.dmp

Filesize
380KB

Download