3c4e667e65abaebf029f6726b5e2997baab80b8ac0abcb1ba5c03dc017e1138b

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-10-2023 18:03

Target

3c4e667e65abaebf029f6726b5e2997baab80b8ac0abcb1ba5c03dc017e1138b.dll
Size

2.8MB
MD5

5d8062753f4e3431f0b2f8cbc3eef026
SHA1

9d5f5be5e011bceb23d8b712c138ce6c1adb6bec
SHA256

3c4e667e65abaebf029f6726b5e2997baab80b8ac0abcb1ba5c03dc017e1138b
SHA512

67e132f6ec13e491e400e9802eb6003f510a857a855e60bb54ff392897886fe2de57e1d944388cfb5394595beb51c703dfb9789cf6f9ece0410e3e99875c7113
SSDEEP

49152:XbdUgMVzGaEHrgncuKIS8Q1Zljgs3J/2CBbMzxoSm1RMBEN:rdQyLrgcuKIS7+KxK81ay

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2424	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28
PID 1888 wrote to memory of 2424	1888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c4e667e65abaebf029f6726b5e2997baab80b8ac0abcb1ba5c03dc017e1138b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c4e667e65abaebf029f6726b5e2997baab80b8ac0abcb1ba5c03dc017e1138b.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2424

memory/2424-1-0x0000000001F40000-0x000000000220D000-memory.dmp

Filesize
2.8MB

Download
memory/2424-0-0x0000000001F40000-0x000000000220D000-memory.dmp

Filesize
2.8MB

Download
memory/2424-2-0x0000000001F40000-0x000000000220D000-memory.dmp

Filesize
2.8MB

Download
memory/2424-3-0x0000000001F40000-0x000000000220D000-memory.dmp

Filesize
2.8MB

Download
memory/2424-4-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2424-5-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download