180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854

Analysis

max time kernel
44s
max time network
88s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 12:50

Target

180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854.dll
Size

1.1MB
MD5

601a0f76b8a9cdc96f6bc80522927000
SHA1

007a1be088da17baed18e580c991aba359d8d93c
SHA256

180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854
SHA512

4ae2709513286e4dcf9e4f5220f7fbca962fd438976d3be3f800fd2a56416ad82b52b8eeef356dda4f9393e7cde6751c7aa5c43939b656cc3ca9f3f3d784d59c
SSDEEP

24576:jzZ7DOlerdyn7rKiokhHmbm5oV3SErAi0i7Xj8BWNLyx1wrvEobKaZX:XZ7DOlekQcmi8S6ACXwWNDEElZ

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	960	rundll32.exe
3	960	rundll32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
960	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 960	2040	rundll32.exe	28
PID 2040 wrote to memory of 960	2040	rundll32.exe	28
PID 2040 wrote to memory of 960	2040	rundll32.exe	28
PID 2040 wrote to memory of 960	2040	rundll32.exe	28
PID 2040 wrote to memory of 960	2040	rundll32.exe	28
PID 2040 wrote to memory of 960	2040	rundll32.exe	28
PID 2040 wrote to memory of 960	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:960

memory/960-54-0x0000000000000000-mapping.dmp

Download
memory/960-55-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x0000000036AF0000-0x0000000036B00000-memory.dmp

Filesize
64KB

Download
memory/960-57-0x0000000036AF0000-0x0000000036B00000-memory.dmp

Filesize
64KB

Download
memory/960-58-0x0000000000260000-0x000000000029C000-memory.dmp

Filesize
240KB

Download
memory/960-60-0x00000000749D0000-0x0000000074AEB000-memory.dmp

Filesize
1.1MB

Download
memory/960-61-0x00000000748B0000-0x00000000749CB000-memory.dmp

Filesize
1.1MB

Download
memory/960-62-0x00000000749D0000-0x0000000074AEB000-memory.dmp

Filesize
1.1MB

Download
memory/960-63-0x00000000748B0000-0x00000000749CB000-memory.dmp

Filesize
1.1MB

Download