2ad34c69a901497186d18dcda7f86163377a07a9352c2d6a62afad934c55be98

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 04:49

Target

adbb5f447cebcde94a842d4b809ce100.dll
Size

1017KB
MD5

adbb5f447cebcde94a842d4b809ce100
SHA1

3e163f71201938873249856663396f2b50c9e8e1
SHA256

2ad34c69a901497186d18dcda7f86163377a07a9352c2d6a62afad934c55be98
SHA512

3ac02f96bb85557bceee02f3bbd15983c2a8ae5d5639b43e70416ed6afe25d1d9aea93dd4938ec8be8ad8c954d1f94c02ee4d5f9cbaefddd9f4962f5a0ea33b9
SSDEEP

12288:2RH7d2wZGmqV6zY2fFBfU4z7xib+AJzKFXRZb7iwCtja9SQYf6ffsg6YDN0xE:29B2w3qVqY2jffvLYGb0hmSQE6ff16ih

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2020	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 2020	4580	rundll32.exe	93
PID 4580 wrote to memory of 2020	4580	rundll32.exe	93
PID 4580 wrote to memory of 2020	4580	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adbb5f447cebcde94a842d4b809ce100.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adbb5f447cebcde94a842d4b809ce100.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4192 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:2472

memory/2020-0-0x0000000010000000-0x0000000010102000-memory.dmp

Filesize
1.0MB

Download