04c2a88d51157dbaa5f2b1dc00b838125f5d757d74c63641cc96feb2c3155d51

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 23:37

Target

04c2a88d51157dbaa5f2b1dc00b838125f5d757d74c63641cc96feb2c3155d51.dll
Size

48KB
MD5

e4415dff8d3a24240ce4b346df7faf70
SHA1

58107b1547298fecacc7f50e2255d71d86a9481a
SHA256

04c2a88d51157dbaa5f2b1dc00b838125f5d757d74c63641cc96feb2c3155d51
SHA512

a6579191d85776ffbb4312acaae6c8140336be7cd9bb1043a2b31e44b22a7ec970e085f58252826991212e6bb20d699eed834d53861ff06468c4f7a12de184d0
SSDEEP

768:N9VMWICbnmiZfFdElu4uSKwg1HaVnhwMdNjXFDuQ+jEX49Ebvax:NnDhFnwg1Hae8TFD7Sk1vg

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\vevorofo.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\wejahane	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	rundll32.exe
2816	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2816	rundll32.exe
2816	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2816	2672	rundll32.exe	79
PID 2672 wrote to memory of 2816	2672	rundll32.exe	79
PID 2672 wrote to memory of 2816	2672	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04c2a88d51157dbaa5f2b1dc00b838125f5d757d74c63641cc96feb2c3155d51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04c2a88d51157dbaa5f2b1dc00b838125f5d757d74c63641cc96feb2c3155d51.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2816

memory/2816-132-0x0000000000000000-mapping.dmp

Download
memory/2816-133-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/2816-134-0x0000000002CE0000-0x0000000002CE5000-memory.dmp

Filesize
20KB

Download
memory/2816-135-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download