b163a83ffa663e5a18cd1a7a6f9e0d06be9e8f2dcfdbc73b7bb380664ac09855

Analysis

max time kernel
143s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 22:52

Target

b163a83ffa663e5a18cd1a7a6f9e0d06be9e8f2dcfdbc73b7bb380664ac09855.dll
Size

20KB
MD5

a24cbb5a0afeda613adcf00023e46f7d
SHA1

62378580daadcc3d1f73ce910fef6801e7425037
SHA256

b163a83ffa663e5a18cd1a7a6f9e0d06be9e8f2dcfdbc73b7bb380664ac09855
SHA512

9f29a66a43938ff2f9836e51db054e50ec62c106232d1d2c8cd121f0d61b9aae5fc5a3ec0ee3bfacfaef6153f0cabdf1759a89da05282c480eec2c18d5214c9b
SSDEEP

384:zSG/2Jp+C6QhtmruxCcdIL+0XplcCAu8UaWHuqaTlX0wG:zfYh2oCtpXPcx2OqaewG

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
1444	rundll32.exe
1444	rundll32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1444	1312	rundll32.exe	76
PID 1312 wrote to memory of 1444	1312	rundll32.exe	76
PID 1312 wrote to memory of 1444	1312	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b163a83ffa663e5a18cd1a7a6f9e0d06be9e8f2dcfdbc73b7bb380664ac09855.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b163a83ffa663e5a18cd1a7a6f9e0d06be9e8f2dcfdbc73b7bb380664ac09855.dll,#1
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1444

C:\Users\Admin\AppData\Local\Temp\B2CA.tmp

Filesize
20KB

MD5
ea5fd19c9c53ca33eaf160489ae97ae3

SHA1
73f9fe886a0b41ca1eb08d72f53878e9e02fbddb

SHA256
9859365464cc5aea3c516d377a58bc18d72115b56771e3af4f93ec4a5a6a6abd

SHA512
58980d19660f06f122d9952b787995b408fd9cc13d0528022bbaaaf30760badfdd263b438bbcc1be63a1e52782d6f52ff5cccf87f34a3652007b73acb5fcb5d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\B2CA.tmp

Filesize
20KB

MD5
ea5fd19c9c53ca33eaf160489ae97ae3

SHA1
73f9fe886a0b41ca1eb08d72f53878e9e02fbddb

SHA256
9859365464cc5aea3c516d377a58bc18d72115b56771e3af4f93ec4a5a6a6abd

SHA512
58980d19660f06f122d9952b787995b408fd9cc13d0528022bbaaaf30760badfdd263b438bbcc1be63a1e52782d6f52ff5cccf87f34a3652007b73acb5fcb5d4

Download Submit
memory/1444-135-0x00000000001F1000-0x00000000001F3000-memory.dmp

Filesize
8KB

Download