eb128c1a6088c1cc77aae60a69b58acd99b1b19d0140b237d850f37dfb0dad15

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:46

Target

022d8028d3ffc9767b04da20e1fc8611.dll
Size

204KB
MD5

022d8028d3ffc9767b04da20e1fc8611
SHA1

b588b24aff540b90ee770bede36c2ab374b996c3
SHA256

eb128c1a6088c1cc77aae60a69b58acd99b1b19d0140b237d850f37dfb0dad15
SHA512

8f33d1c5d279a8bc63a238889f7fd16622fd22d7e28495e0787778cb26188acba0f0613e78f6aaf9bcfaad9175240490a1c9209fbbcbe598acf38463143c2669
SSDEEP

6144:MBPFEPz3bwRoQbJ6HQR13dM2mgzwujSS:odwcoa6c3nVz5v

Score

7^/10

Deletes itself 1 IoCs

pid	Process
4856	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4544 set thread context of 4856	4544	rundll32.exe	91

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 4544	3172	rundll32.exe	90
PID 3172 wrote to memory of 4544	3172	rundll32.exe	90
PID 3172 wrote to memory of 4544	3172	rundll32.exe	90
PID 4544 wrote to memory of 4856	4544	rundll32.exe	91
PID 4544 wrote to memory of 4856	4544	rundll32.exe	91
PID 4544 wrote to memory of 4856	4544	rundll32.exe	91
PID 4544 wrote to memory of 4856	4544	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\022d8028d3ffc9767b04da20e1fc8611.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\022d8028d3ffc9767b04da20e1fc8611.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4544
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Deletes itself
    PID:4856

memory/4544-0-0x00000000005B0000-0x00000000005DA000-memory.dmp

Filesize
168KB

Download
memory/4544-1-0x0000000030670000-0x00000000306A3000-memory.dmp

Filesize
204KB

Download
memory/4544-2-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4544-3-0x0000000030670000-0x00000000306A3000-memory.dmp

Filesize
204KB

Download
memory/4544-4-0x00000000005B0000-0x00000000005DA000-memory.dmp

Filesize
168KB

Download