37214fe6d2de8450a246c0f5d28b656187a3b4cb41dbbd4c362de035fcc3ceca

Analysis

max time kernel
172s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05aeeea8f3048778da8f958a7714aaed.dll
Size

7.1MB
MD5

05aeeea8f3048778da8f958a7714aaed
SHA1

349801ea02f06269ce5b2367b82e347c2ce5d908
SHA256

37214fe6d2de8450a246c0f5d28b656187a3b4cb41dbbd4c362de035fcc3ceca
SHA512

c17baf48530dafe96031f92bfa3a75ef3e105ca017057961f4b51c71a008400f2aa66e9618f8eac6cbf0e9277f2f6f6c43a74add21fdc6d409e1a68b6d52848f
SSDEEP

196608:/65WGsi8BN/rtFQ88qBXLLRXP6JjiZgzFws9Lo:y5Tg7/rtWqNXRf8+gJws9s

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1476	rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe
1476	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 1476	5060	rundll32.exe	91
PID 5060 wrote to memory of 1476	5060	rundll32.exe	91
PID 5060 wrote to memory of 1476	5060	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05aeeea8f3048778da8f958a7714aaed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05aeeea8f3048778da8f958a7714aaed.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1476-0-0x0000000074330000-0x0000000074F67000-memory.dmp

Filesize
12.2MB

Download
memory/1476-1-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/1476-6-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1476-5-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1476-7-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1476-4-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/1476-3-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/1476-2-0x0000000074330000-0x0000000074F67000-memory.dmp

Filesize
12.2MB

Download
memory/1476-8-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1476-9-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1476-10-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1476-14-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1476-13-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1476-16-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1476-20-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/1476-19-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/1476-18-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1476-17-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/1476-15-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1476-12-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1476-11-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1476-21-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/1476-22-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/1476-24-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1476-25-0x0000000002430000-0x0000000002517000-memory.dmp

Filesize
924KB

Download
memory/1476-23-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download