dcb70bab4d85be925331faf1b111b2fa83b93624fa051b19fa8f0d2696131322

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:42

Target

2dfb3d8f5637c72e63a98cd1e5ef0563.dll
Size

647KB
MD5

2dfb3d8f5637c72e63a98cd1e5ef0563
SHA1

128bb437d39045f5efa0a89b67da9bcbacd7c83e
SHA256

dcb70bab4d85be925331faf1b111b2fa83b93624fa051b19fa8f0d2696131322
SHA512

92015b0bb0ad0acaf4cb309483552000be4371cd906b8b1c510dd377d09e169959490796136769b202a58951b706c943d6a23dec605c7986d281c4bf3ee2d881
SSDEEP

12288:XG6yo7YNQIGnBaWnBsPDqWOFAnS7g4cmIauUPnIpx6k7v/L9c:26jwQNBaWnBCqq34X1kLXL9c

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4952	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4952	rundll32.exe
4952	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4952	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 4952	2328	rundll32.exe	52
PID 2328 wrote to memory of 4952	2328	rundll32.exe	52
PID 2328 wrote to memory of 4952	2328	rundll32.exe	52

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dfb3d8f5637c72e63a98cd1e5ef0563.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dfb3d8f5637c72e63a98cd1e5ef0563.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4952

memory/4952-0-0x0000000074FB0000-0x00000000753A1000-memory.dmp

Filesize
3.9MB

Download
memory/4952-2-0x0000000074FB0000-0x00000000753A1000-memory.dmp

Filesize
3.9MB

Download