d71ba57e5b84a8f19da1a7d2301bdb115c3e425ad690b233441c042ee5f29e8b

Analysis

max time kernel
87s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:01

Target

d71ba57e5b84a8f19da1a7d2301bdb115c3e425ad690b233441c042ee5f29e8b.dll
Size

212KB
MD5

7435d736b5dda62c0a8ec8d43776e603
SHA1

2a302111f847c6d7be0fcccbb78ce75e2eb27773
SHA256

d71ba57e5b84a8f19da1a7d2301bdb115c3e425ad690b233441c042ee5f29e8b
SHA512

42715236d1a4fe9541cf06cc908476af6fe6ab30ed7325051865907fa2d888b40de76adadc3ed5a9a8478b641dfdde9036fa696f2bbb7f8a2acf006d28f4b252
SSDEEP

6144:/XzlKvoGsmBjTaewd9PKfIDtLZyI8K+LExPIivX:kwSYd9yGtL8I8rIll

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4568	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3400 set thread context of 4568	3400	rundll32.exe	85

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 3400	5048	rundll32.exe	54
PID 5048 wrote to memory of 3400	5048	rundll32.exe	54
PID 5048 wrote to memory of 3400	5048	rundll32.exe	54
PID 3400 wrote to memory of 4568	3400	rundll32.exe	85
PID 3400 wrote to memory of 4568	3400	rundll32.exe	85
PID 3400 wrote to memory of 4568	3400	rundll32.exe	85
PID 3400 wrote to memory of 4568	3400	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d71ba57e5b84a8f19da1a7d2301bdb115c3e425ad690b233441c042ee5f29e8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d71ba57e5b84a8f19da1a7d2301bdb115c3e425ad690b233441c042ee5f29e8b.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:4568

memory/3400-133-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3400-134-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3400-135-0x0000000000FC0000-0x0000000000FFD000-memory.dmp

Filesize
244KB

Download
memory/3400-136-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3400-138-0x0000000000FC0000-0x0000000000FFD000-memory.dmp

Filesize
244KB

Download