1c21be8951a7577d5832156a28b7e912ef60268317fb4ae2319286de3fac6678

Analysis

max time kernel
151s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 13:22

Target

1c21be8951a7577d5832156a28b7e912ef60268317fb4ae2319286de3fac6678.dll
Size

145KB
MD5

8457e1a4691f8f1b324b629e7fb13f60
SHA1

3b82a7117b6de6f71d998826c5233a10503a9437
SHA256

1c21be8951a7577d5832156a28b7e912ef60268317fb4ae2319286de3fac6678
SHA512

38d3a8a8a0ab7875e57d3a832482e589c46c78242fc2d6a9ad013007c52adbf97da9aa2fe847cf16079dd4c414c7445e8b90bc27a66cd6c1adf36f5b2d8b5e06
SSDEEP

3072:l16dRFvZTJvcbiy93Xrok55R8bj5lYy2d8+elIQuOpjeCyE/tvxg+jqpN4lCp29:7qRNRJWt93b55RKjzYV8+elIQwChRF

Score

7^/10

Deletes itself 1 IoCs

pid	Process
448	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 100 set thread context of 448	100	rundll32.exe	87

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 100	2132	rundll32.exe	82
PID 2132 wrote to memory of 100	2132	rundll32.exe	82
PID 2132 wrote to memory of 100	2132	rundll32.exe	82
PID 100 wrote to memory of 448	100	rundll32.exe	87
PID 100 wrote to memory of 448	100	rundll32.exe	87
PID 100 wrote to memory of 448	100	rundll32.exe	87
PID 100 wrote to memory of 448	100	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c21be8951a7577d5832156a28b7e912ef60268317fb4ae2319286de3fac6678.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c21be8951a7577d5832156a28b7e912ef60268317fb4ae2319286de3fac6678.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:100
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:448

memory/100-133-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/100-134-0x0000000002280000-0x00000000022AA000-memory.dmp

Filesize
168KB

Download
memory/100-135-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/100-136-0x0000000002280000-0x00000000022AA000-memory.dmp

Filesize
168KB

Download
memory/100-138-0x0000000002280000-0x00000000022AA000-memory.dmp

Filesize
168KB

Download