d2ba009a4a0de5484be327f41812c3a0c08dc1755620c1b198b3a3330fb4e5ed

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 01:35

Target

d2ba009a4a0de5484be327f41812c3a0c08dc1755620c1b198b3a3330fb4e5ed.dll
Size

5.4MB
MD5

db5849275ada97b66346819b50a3b6c1
SHA1

b253e285428e99171ba7a465a3b6d6e06c529b31
SHA256

d2ba009a4a0de5484be327f41812c3a0c08dc1755620c1b198b3a3330fb4e5ed
SHA512

08793ebc85397a159e67f15d8e561ddd37c7fdd9de85b3313d476b240bd95a4b5a8992dbf80afd79a8bf3a39e203e28f09998e76ec13c5dcf203f50b4f1a1ab7
SSDEEP

98304:CVxEsouVUnHr0ntn9OIgcX9q4e113oWRVlw8XgurxUVJLjRIfHBizP:4xSuVUHr0ntVq4j4RgG+fIP

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1164	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1164	2004	rundll32.exe	82
PID 2004 wrote to memory of 1164	2004	rundll32.exe	82
PID 2004 wrote to memory of 1164	2004	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2ba009a4a0de5484be327f41812c3a0c08dc1755620c1b198b3a3330fb4e5ed.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2ba009a4a0de5484be327f41812c3a0c08dc1755620c1b198b3a3330fb4e5ed.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:1164

memory/1164-4-0x00000000745AD000-0x00000000748BD000-memory.dmp

Filesize
3.1MB

Download
memory/1164-0-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/1164-1-0x0000000074580000-0x0000000074ED0000-memory.dmp

Filesize
9.3MB

Download