ef8ba1fabd86fa17115567e9fc389cb64d8c05fb1768b2372ae493830be515de

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 20:46

Target

1c1e418278b4e3b5994d859233533fc6.dll
Size

18KB
MD5

1c1e418278b4e3b5994d859233533fc6
SHA1

fe8203089e3d1a29f848bb361934680fa8ee1d78
SHA256

ef8ba1fabd86fa17115567e9fc389cb64d8c05fb1768b2372ae493830be515de
SHA512

0494994b2dd37fef925dbdb69b5b00b4a9d52f67e003c819558c401769b09f36df5b1e44f8bef0bc2a977d7df7a20e39083c3c465a350124009dd6f92d57c4f8
SSDEEP

384:8bfowvW+8XhqYZCAzpdviVznR+c6qE1VlmFg8pkExFW/snM4JmSH:8bfosmCAXiVzR+X5IkExznMymk

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
6	2072	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msepion.sys	rundll32.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
672	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 2072	5000	rundll32.exe	71
PID 5000 wrote to memory of 2072	5000	rundll32.exe	71
PID 5000 wrote to memory of 2072	5000	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c1e418278b4e3b5994d859233533fc6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c1e418278b4e3b5994d859233533fc6.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Drops file in System32 directory
  PID:2072

memory/2072-0-0x0000000025000000-0x0000000025020000-memory.dmp

Filesize
128KB

Download