bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9

Analysis

max time kernel
90s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:21

Target

bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll
Size

48KB
MD5

22fda62b6ec4809f9537f54883f51812
SHA1

58c5272f9aa01d8c6e119fe70d6064affebf6a8b
SHA256

bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9
SHA512

83e5ba8b671cc0bc1834e13baae105afd60e679f57da577226fa2f66939590e0ca2f27982ec597f79b0888efaf49a120fd675da10773c0463cbd6e4e9a5ae4db
SSDEEP

768:AWt01kvd3EK+XuNY5yas6hrBygBtFn5B9FNERvsDPf08EMY6wQOZq0FuZ8:/Qkh1++GK6hsgn5B9b9P8MYrQOZq+u6

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\tiyipubu.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\bapoluri	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4828	rundll32.exe
4828	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4828	4864	rundll32.exe	80
PID 4864 wrote to memory of 4828	4864	rundll32.exe	80
PID 4864 wrote to memory of 4828	4864	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:4828

memory/4828-133-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/4828-134-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download