9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34

Analysis

max time kernel
167s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 08:58

Target

9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34.dll
Size

270KB
MD5

03fed6711fff1ea2b61d69ed96810310
SHA1

4b2f03079455ba7e1d88bf20339450b78c719023
SHA256

9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34
SHA512

a1d6878fb3c84b14143e42bc9c2452689d026f47a3b07beb580a39413a37f40a68ab9f5cb086fcbb0f4cf7733ab0e5c73a31ec37cce69a11deaa0933eaf0318e
SSDEEP

6144:l3zkKwiJaKY9wmgKkV9NtaolEY092oZVQMn9iR12zkmpRQzy:l3qiJanKKY9Wog2az8R1ktpY

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4248	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2324 set thread context of 4248	2324	rundll32.exe	83

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2324	1736	rundll32.exe	81
PID 1736 wrote to memory of 2324	1736	rundll32.exe	81
PID 1736 wrote to memory of 2324	1736	rundll32.exe	81
PID 2324 wrote to memory of 4248	2324	rundll32.exe	83
PID 2324 wrote to memory of 4248	2324	rundll32.exe	83
PID 2324 wrote to memory of 4248	2324	rundll32.exe	83
PID 2324 wrote to memory of 4248	2324	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c135d2f8f64fe1ed99baaa8c1543d776d89dca209bb2389ae0184c767495d34.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:4248

memory/2324-133-0x0000000075750000-0x0000000075797000-memory.dmp

Filesize
284KB

Download
memory/2324-134-0x0000000075750000-0x0000000075797000-memory.dmp

Filesize
284KB

Download
memory/2324-135-0x0000000075C30000-0x0000000075C51000-memory.dmp

Filesize
132KB

Download
memory/2324-136-0x0000000075C00000-0x0000000075C21000-memory.dmp

Filesize
132KB

Download
memory/2324-137-0x0000000075C00000-0x0000000075C21000-memory.dmp

Filesize
132KB

Download