e4e75363bd6a9d19b9da5fa4ead7bb293d03118bc4c89ab0d727358ee8159e70

Analysis

max time kernel
151s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 01:22

Target

e4e75363bd6a9d19b9da5fa4ead7bb293d03118bc4c89ab0d727358ee8159e70.dll
Size

311KB
MD5

0282e9f57f204cce13d231fd9f065386
SHA1

e36225e55a1f275bd212cfeb2fd5e69ee5302ab9
SHA256

e4e75363bd6a9d19b9da5fa4ead7bb293d03118bc4c89ab0d727358ee8159e70
SHA512

983f24dda3cb87379272fb61e22d1dcfbff20ef877bb498e0df13bb9a395f1462366caae5c846a01b3a9660c457374078e28718a3ba9bc4d2b6abbf5c19e4b9b
SSDEEP

6144:n9P1dpyl/RFOlC19Sp6P4v8eNrs/BpoIP3:naJFuA9zD/B26

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1060	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 1060	720	rundll32.exe	82
PID 720 wrote to memory of 1060	720	rundll32.exe	82
PID 720 wrote to memory of 1060	720	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4e75363bd6a9d19b9da5fa4ead7bb293d03118bc4c89ab0d727358ee8159e70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4e75363bd6a9d19b9da5fa4ead7bb293d03118bc4c89ab0d727358ee8159e70.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1060

memory/1060-133-0x0000000074C10000-0x0000000074C66000-memory.dmp

Filesize
344KB

Download