0a48058479c0fcbab89da7c7d7c6f22be63b53d05a816a851d410a21ff4b89a5

Analysis

max time kernel
104s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 17:04

Target

0a48058479c0fcbab89da7c7d7c6f22be63b53d05a816a851d410a21ff4b89a5.dll
Size

363KB
MD5

740e090f647e54ba45fb3d6c00884d70
SHA1

1689ce576820b802032f0de97a0f11d592100da3
SHA256

0a48058479c0fcbab89da7c7d7c6f22be63b53d05a816a851d410a21ff4b89a5
SHA512

fdf28259401c246a3b0e0922fea10486996d430c8a381beded75bede606bc3765e4d9ae2ff5883229aa62cea8451b943392497e51f797a9e678c1e23220713de
SSDEEP

6144:cBMkUBCVRJtsuov9rV1pbBkW8EN9uQI2EGgIC:cpzsuo1r3pbBk7KM12EVr

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4960	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 4960	5036	rundll32.exe	81
PID 5036 wrote to memory of 4960	5036	rundll32.exe	81
PID 5036 wrote to memory of 4960	5036	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a48058479c0fcbab89da7c7d7c6f22be63b53d05a816a851d410a21ff4b89a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a48058479c0fcbab89da7c7d7c6f22be63b53d05a816a851d410a21ff4b89a5.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4960