37559bade6235f0773a60e9c7414dde6f5d4fc96291eaeee1557b5c56d5d5bdb

Analysis

max time kernel
175s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 16:59

Target

37559bade6235f0773a60e9c7414dde6f5d4fc96291eaeee1557b5c56d5d5bdb.dll
Size

6.3MB
MD5

11a8860306dc1f96cf2d58354761be85
SHA1

f1bc6bcebcee59266bf489673e07eaa348ad28e9
SHA256

37559bade6235f0773a60e9c7414dde6f5d4fc96291eaeee1557b5c56d5d5bdb
SHA512

19cbd90cad449515437a807b54546339a6759032591d26ee4ec978b180d920226db7398b8e9d34cb258f347e1c103dba2ad119012e6f35a88fded8201aa0d38c
SSDEEP

196608:tfpBL/vSSscajFuqvOuCHE5iNx4u1QMmE13iIZ5O:3BL/vTsPIzVki2lq139Zs

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3940	rundll32.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3940	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3940	rundll32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 3940	3768	rundll32.exe	86
PID 3768 wrote to memory of 3940	3768	rundll32.exe	86
PID 3768 wrote to memory of 3940	3768	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37559bade6235f0773a60e9c7414dde6f5d4fc96291eaeee1557b5c56d5d5bdb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37559bade6235f0773a60e9c7414dde6f5d4fc96291eaeee1557b5c56d5d5bdb.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3940

memory/3940-0-0x0000000074AB0000-0x0000000075109000-memory.dmp

Filesize
6.3MB

Download
memory/3940-1-0x0000000074AB0000-0x0000000075109000-memory.dmp

Filesize
6.3MB

Download
memory/3940-2-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/3940-3-0x0000000000FF0000-0x0000000000FF1000-memory.dmp

Filesize
4KB

Download
memory/3940-5-0x0000000001030000-0x0000000001031000-memory.dmp

Filesize
4KB

Download
memory/3940-4-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/3940-6-0x0000000001040000-0x0000000001041000-memory.dmp

Filesize
4KB

Download
memory/3940-7-0x0000000001050000-0x0000000001051000-memory.dmp

Filesize
4KB

Download
memory/3940-8-0x0000000001060000-0x0000000001061000-memory.dmp

Filesize
4KB

Download
memory/3940-9-0x0000000074AB0000-0x0000000075109000-memory.dmp

Filesize
6.3MB

Download
memory/3940-11-0x000000006D900000-0x000000006D910000-memory.dmp

Filesize
64KB

Download
memory/3940-12-0x00000000758F0000-0x00000000759E0000-memory.dmp

Filesize
960KB

Download
memory/3940-13-0x00000000776A2000-0x00000000776A3000-memory.dmp

Filesize
4KB

Download
memory/3940-14-0x00000000776A2000-0x00000000776A3000-memory.dmp

Filesize
4KB

Download
memory/3940-15-0x0000000074AB0000-0x0000000075109000-memory.dmp

Filesize
6.3MB

Download
memory/3940-16-0x00000000758F0000-0x00000000759E0000-memory.dmp

Filesize
960KB

Download