74e02b4c1d378ddf6d6a3044de54a4eaf17e96507d00310eab0c9b19d9873b07

Analysis

max time kernel
196s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 13:36

Target

74e02b4c1d378ddf6d6a3044de54a4eaf17e96507d00310eab0c9b19d9873b07.dll
Size

198KB
MD5

e7671e61a357d63290fe7d0f807d41c0
SHA1

fd3e0e7210fac482ed6316577097f44c500cb075
SHA256

74e02b4c1d378ddf6d6a3044de54a4eaf17e96507d00310eab0c9b19d9873b07
SHA512

3b4bec1c00c134b269818af7086f1304bf1351ad91197936d04053cc70f72ffd12281098e3ce226532b76a4145d4d6679053ad818a25b90eb1be295be130d63a
SSDEEP

1536:E98D5dJERLy3MjjRNZb8ML8r3L7KcW6U0+UAjpWHw61rAlqWXBBUR1nZiCpwH:q8D5dSLCcdNZoPP7KckwLxAqABUnZlq

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2792	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1676 set thread context of 2792	1676	rundll32.exe	84

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 1676	4644	rundll32.exe	83
PID 4644 wrote to memory of 1676	4644	rundll32.exe	83
PID 4644 wrote to memory of 1676	4644	rundll32.exe	83
PID 1676 wrote to memory of 2792	1676	rundll32.exe	84
PID 1676 wrote to memory of 2792	1676	rundll32.exe	84
PID 1676 wrote to memory of 2792	1676	rundll32.exe	84
PID 1676 wrote to memory of 2792	1676	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74e02b4c1d378ddf6d6a3044de54a4eaf17e96507d00310eab0c9b19d9873b07.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74e02b4c1d378ddf6d6a3044de54a4eaf17e96507d00310eab0c9b19d9873b07.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1676
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:2792

memory/1676-133-0x0000000002710000-0x000000000272F000-memory.dmp

Filesize
124KB

Download
memory/1676-134-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1676-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1676-136-0x0000000002710000-0x000000000272F000-memory.dmp

Filesize
124KB

Download