f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15

Analysis

max time kernel
153s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 02:53

Target

f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15.dll
Size

524KB
MD5

257b6dfd355ccc6768447427334d00f0
SHA1

de9a557cd193b5e50efb2de24636b4238d53afa4
SHA256

f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15
SHA512

417d45d014ecd8b1a689cbb7efae8dbaf7672a65e6dc12064f6c0184e378a1fd94da8d60374be0a88996d45542db9579a94ac943a9f91159e804fb52ab456ee8
SSDEEP

6144:FC7qQbGWa4BwB4TmvSoDMEFGb1Wb6ngKnXa71NT3gvxrwGvvByt+HOL:Cc4Tmv9MuGq6n5nXcQSrAu

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2968	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 2968	3460	rundll32.exe	82
PID 3460 wrote to memory of 2968	3460	rundll32.exe	82
PID 3460 wrote to memory of 2968	3460	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2d6ac7a4d16ff6d134ae94274c145a3abb61ed038c3edbe340eb955e2e60f15.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2968

memory/2968-134-0x0000000010000000-0x0000000010085000-memory.dmp

Filesize
532KB

Download
memory/2968-135-0x0000000010000000-0x0000000010085000-memory.dmp

Filesize
532KB

Download