2416bfe7d5f1215cd6f989407e1115b9fb4a06977f5752ceab1d6e460dfe71db

Analysis

max time kernel
201s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 18:17

Target

33e19e9df294e157b9e5e53c9c0f5f3c.dll
Size

1.0MB
MD5

33e19e9df294e157b9e5e53c9c0f5f3c
SHA1

21cf0f7e0a70ea66aad28c2e35e5ff50c2cc06f3
SHA256

2416bfe7d5f1215cd6f989407e1115b9fb4a06977f5752ceab1d6e460dfe71db
SHA512

fca7dc4d7024712ad3ec75db647f43a8a5f8c110a5e08d27993fe4f5df61bd5258080fea3f77a3ee2a6279ec5afd000b196df6e8da38f8e43fb0f8962fae3a92
SSDEEP

24576:O4JTaRFmXsvIbDO725kcktKgG+aNQsfJTwFRS:7eAsv4O725rtLNQ4JTn

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4372	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1440	4372	WerFault.exe	69

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 4372	336	rundll32.exe	69
PID 336 wrote to memory of 4372	336	rundll32.exe	69
PID 336 wrote to memory of 4372	336	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33e19e9df294e157b9e5e53c9c0f5f3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33e19e9df294e157b9e5e53c9c0f5f3c.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4372
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 664
    3⤵
    - Program crash
    PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4372 -ip 4372
1⤵
PID:3596

memory/4372-0-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/4372-1-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download
memory/4372-2-0x0000000000400000-0x000000000063B000-memory.dmp

Filesize
2.2MB

Download