d1dd9ca56d1f55ab0cf837d471b607ad815947b4a7f0e62444218bfd6f462c0a

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 04:59

Target

d1dd9ca56d1f55ab0cf837d471b607ad815947b4a7f0e62444218bfd6f462c0a.dll
Size

176KB
MD5

83b6dec6b494c9a94630ac7d1a8e4036
SHA1

f9c0f7e452db6823a3e05bf9a430ae2d97d674df
SHA256

d1dd9ca56d1f55ab0cf837d471b607ad815947b4a7f0e62444218bfd6f462c0a
SHA512

b37c0ed38a523491058031ed5068a289804393ca2667813263c5d61348bb356c27de928c6251b430b8a68fb225d6807b2ce10c23249f3a5455adc1889533d570
SSDEEP

3072:eddFYzMshBJXGuph+/TgmgcITXAx4cKTarNnvqkBOxt4dNWaYRE2m9Ij:edvQl1m/TgPrTCKT6NnASAF1

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1228	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27
PID 1840 wrote to memory of 1228	1840	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1dd9ca56d1f55ab0cf837d471b607ad815947b4a7f0e62444218bfd6f462c0a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1dd9ca56d1f55ab0cf837d471b607ad815947b4a7f0e62444218bfd6f462c0a.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1228

memory/1228-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download
memory/1228-56-0x0000000010000000-0x0000000010072000-memory.dmp

Filesize
456KB

Download
memory/1228-57-0x0000000010000000-0x0000000010072000-memory.dmp

Filesize
456KB

Download