ad85cd0a2366d40fd818866de07517d1349f8b994fe4ed9343369ee07e2c87f5

Analysis

max time kernel
203s
max time network
248s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2022 03:13

Target

ad85cd0a2366d40fd818866de07517d1349f8b994fe4ed9343369ee07e2c87f5.dll
Size

61KB
MD5

dc67d55eeb686b2d493cad56a9022130
SHA1

a428f7c525c774c596313096584eab983f4483b5
SHA256

ad85cd0a2366d40fd818866de07517d1349f8b994fe4ed9343369ee07e2c87f5
SHA512

822244f011dbe769f40c9b0edb8c656afb117200c8913ca758bac818fac894de4f3193611f516f8f9e16c4b494ba4b9e250f7fc2ff244c203152bba08b8128b7
SSDEEP

1536:Cp7FR9PjMoTYi6sYQqqPR6F0uJTZb5H4SaZDejWwfiQVT4v1KRn:Cp7FfrDT968qIRSJlrY6b/VcMl

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\nizemigu.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\razufolu	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4732	rundll32.exe
4732	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 4732	4836	rundll32.exe	82
PID 4836 wrote to memory of 4732	4836	rundll32.exe	82
PID 4836 wrote to memory of 4732	4836	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad85cd0a2366d40fd818866de07517d1349f8b994fe4ed9343369ee07e2c87f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad85cd0a2366d40fd818866de07517d1349f8b994fe4ed9343369ee07e2c87f5.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:4732

memory/4732-133-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/4732-134-0x0000000000F90000-0x0000000000F99000-memory.dmp

Filesize
36KB

Download
memory/4732-135-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/4732-136-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download