072198809a3fc348727f7b6571c29567ae41c59743d7dbfbd5fb5050b9b394f7

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 02:57

Target

072198809a3fc348727f7b6571c29567ae41c59743d7dbfbd5fb5050b9b394f7.dll
Size

1.8MB
MD5

0cd700d3c30fe6c8fb41834de7467fac
SHA1

5fade53d3865118af01313c13c60997ab1042fd4
SHA256

072198809a3fc348727f7b6571c29567ae41c59743d7dbfbd5fb5050b9b394f7
SHA512

c74d7e21d7269fb7596dbf859520977bc688759666abfa756d94a67c1a30decabd1eb157664a6313f8aadd8a8afa17a3b74a56539f293516c61c43e2e766ceea
SSDEEP

49152:q1EexXh1CcPT/y+vH3JyGEd2J7VXX8Pkz+6tpl+e4vIOc7GLV67x8KBDz8:qVB+6tpl+e4vIO9567s

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32.exe	rundll32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4808	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 4808	3824	rundll32.exe	86
PID 3824 wrote to memory of 4808	3824	rundll32.exe	86
PID 3824 wrote to memory of 4808	3824	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\072198809a3fc348727f7b6571c29567ae41c59743d7dbfbd5fb5050b9b394f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\072198809a3fc348727f7b6571c29567ae41c59743d7dbfbd5fb5050b9b394f7.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4808

memory/4808-0-0x0000000010000000-0x0000000010321000-memory.dmp

Filesize
3.1MB

Download
memory/4808-1-0x0000000010000000-0x0000000010321000-memory.dmp

Filesize
3.1MB

Download