f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15

Analysis

max time kernel
34s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 02:53

Target

f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15.dll
Size

524KB
MD5

257b6dfd355ccc6768447427334d00f0
SHA1

de9a557cd193b5e50efb2de24636b4238d53afa4
SHA256

f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15
SHA512

417d45d014ecd8b1a689cbb7efae8dbaf7672a65e6dc12064f6c0184e378a1fd94da8d60374be0a88996d45542db9579a94ac943a9f91159e804fb52ab456ee8
SSDEEP

6144:FC7qQbGWa4BwB4TmvSoDMEFGb1Wb6ngKnXa71NT3gvxrwGvvByt+HOL:Cc4Tmv9MuGq6n5nXcQSrAu

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
304	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 304	1628	rundll32.exe	27
PID 1628 wrote to memory of 304	1628	rundll32.exe	27
PID 1628 wrote to memory of 304	1628	rundll32.exe	27
PID 1628 wrote to memory of 304	1628	rundll32.exe	27
PID 1628 wrote to memory of 304	1628	rundll32.exe	27
PID 1628 wrote to memory of 304	1628	rundll32.exe	27
PID 1628 wrote to memory of 304	1628	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:304

memory/304-55-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download
memory/304-56-0x0000000010000000-0x0000000010085000-memory.dmp

Filesize
532KB

Download