b221dc624e5fe9e277de1b71d24d739e1afb5292a14a76dacc5bb86856fe8d0c

Analysis

max time kernel
264s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 17:54

Target

b221dc624e5fe9e277de1b71d24d739e1afb5292a14a76dacc5bb86856fe8d0c.dll
Size

53KB
MD5

0d4d4a2a8c6708388fbe5e6629494426
SHA1

e48cbb3fa40dac6680839a60f465da7f72251fba
SHA256

b221dc624e5fe9e277de1b71d24d739e1afb5292a14a76dacc5bb86856fe8d0c
SHA512

b1999ad5344f65e2925548baa14e1eea3d815705ef44ca64c1a8b42a5667da8e45970570b02616e0c4233851c61e93a7a33db645d97ac9a1dc24ca814c1f636e
SSDEEP

768:T/k0hbl6VPrPmORgj46Z/wrOjOFwJxkEXkRJ8NeJRCvCuovQrSmLBfQFwLS:Npl6VzPRt6RGw0PRCvCuo0S6YFn

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2940 set thread context of 4500	2940	rundll32.exe	81

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 2940	3556	rundll32.exe	78
PID 3556 wrote to memory of 2940	3556	rundll32.exe	78
PID 3556 wrote to memory of 2940	3556	rundll32.exe	78
PID 2940 wrote to memory of 4500	2940	rundll32.exe	81
PID 2940 wrote to memory of 4500	2940	rundll32.exe	81
PID 2940 wrote to memory of 4500	2940	rundll32.exe	81
PID 2940 wrote to memory of 4500	2940	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b221dc624e5fe9e277de1b71d24d739e1afb5292a14a76dacc5bb86856fe8d0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b221dc624e5fe9e277de1b71d24d739e1afb5292a14a76dacc5bb86856fe8d0c.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2940 -ip 2940
1⤵
PID:5048