a9ee05e7356e6f882a7f8c4d409e80c931073369f53055f6054be796f0ec5600

Analysis

max time kernel
290s
max time network
349s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:47

Target

a9ee05e7356e6f882a7f8c4d409e80c931073369f53055f6054be796f0ec5600.dll
Size

671KB
MD5

ee1b0cc0d7225533bc05c08cc96e1485
SHA1

c907c17a25b8dd7b1d1e69b72fc24c06bec83cf8
SHA256

a9ee05e7356e6f882a7f8c4d409e80c931073369f53055f6054be796f0ec5600
SHA512

305f37d1b3672e6acc0a244c0ed268349521bc55493a0fd8fed384578f54a8329eb1c45c721797819557a951b5943875dc8f21041a3b67683f5909ee702f239a
SSDEEP

12288:Tohsg5IxvDzf3R5UUclOJpQ5wCvQAAo+S0PurMaPw2BnG7RQpwpqYlfuIuztA:8Ix/vRuZCQJQI0PurTIRQp6qYdupA

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 2152 set thread context of 2468 2152 rundll32.exe svchost.exe

description	pid	process	target process
PID 2152 set thread context of 2468	2152	rundll32.exe	svchost.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

rundll32.exerundll32.exesvchost.exemsedge.exe

description	pid	process	target process
PID 428 wrote to memory of 2152	428	rundll32.exe	rundll32.exe
PID 428 wrote to memory of 2152	428	rundll32.exe	rundll32.exe
PID 428 wrote to memory of 2152	428	rundll32.exe	rundll32.exe
PID 2152 wrote to memory of 2468	2152	rundll32.exe	svchost.exe
PID 2152 wrote to memory of 2468	2152	rundll32.exe	svchost.exe
PID 2152 wrote to memory of 2468	2152	rundll32.exe	svchost.exe
PID 2152 wrote to memory of 2468	2152	rundll32.exe	svchost.exe
PID 2152 wrote to memory of 2468	2152	rundll32.exe	svchost.exe
PID 2468 wrote to memory of 3932	2468	svchost.exe	msedge.exe
PID 2468 wrote to memory of 3932	2468	svchost.exe	msedge.exe
PID 3932 wrote to memory of 2672	3932	msedge.exe	msedge.exe
PID 3932 wrote to memory of 2672	3932	msedge.exe	msedge.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9ee05e7356e6f882a7f8c4d409e80c931073369f53055f6054be796f0ec5600.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:428

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.java.com/pt_BR/
4⤵
- Suspicious use of WriteProcessMemory
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ea1946f8,0x7ff9ea194708,0x7ff9ea194718
5⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\image.gif
Filesize
1002B

MD5
94ff00a208cc710d22219e55d2f986a8

SHA1
f477b7e1f497561ad80225e1904dedf78a541444

SHA256
1e7ce3968b2cfdcea4f4405502859e11f98039a6515c78f7fda52d9674767638

SHA512
730a93f5109caad8f4ac05c3b7bf47ae6b8ac5f24cc9407ae5a3a0771e903abdb4c403375d3f3c981c0e9fcc2e3beb4d8f3b2c6c55d31d037b36d2f7d6cf99d0

Download Submit
memory/2152-132-0x0000000000000000-mapping.dmp

Download
memory/2152-138-0x0000000005F80000-0x0000000006127000-memory.dmp

Filesize
1.7MB

Download
memory/2468-133-0x0000000000000000-mapping.dmp

Download
memory/2468-134-0x000000003C040000-0x000000003C09F000-memory.dmp

Filesize
380KB

Download
memory/2468-135-0x000000003C040000-0x000000003C09F000-memory.dmp

Filesize
380KB

Download
memory/2468-136-0x000000003C040000-0x000000003C09F000-memory.dmp

Filesize
380KB

Download
memory/2468-139-0x000000003C040000-0x000000003C09F000-memory.dmp

Filesize
380KB

Download
memory/2672-141-0x0000000000000000-mapping.dmp

Download
memory/3932-140-0x0000000000000000-mapping.dmp

Download