86326c92a6849682d4d44f907afbd637919d326649bbdd8220a9c0a9b79341d8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 06:40

Target

86326c92a6849682d4d44f907afbd637919d326649bbdd8220a9c0a9b79341d8.dll
Size

5.4MB
MD5

939cbf795e189138fd0800b845833746
SHA1

c061f1e77feec67b301a9bccdac83caf7bc95168
SHA256

86326c92a6849682d4d44f907afbd637919d326649bbdd8220a9c0a9b79341d8
SHA512

30e414e44e8df131f4f1c8b9705bd640e60eebd6429bbfe8edea3372af55dbfe39626debbbc2d600544a4928ce441412b2f9857a3cc7963a103d0bbb7b2493c1
SSDEEP

98304:NcY53mNsbTMihhi95dnrfHs+LeQ7oGJh543kSuHh6H1:NVW2TlQvdrPLXoY43LuHg

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
1	2756	rundll32.exe
2	2756	rundll32.exe

Unexpected DNS network traffic destination 2 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2756	rundll32.exe
2756	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 2756	5032	rundll32.exe	82
PID 5032 wrote to memory of 2756	5032	rundll32.exe	82
PID 5032 wrote to memory of 2756	5032	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86326c92a6849682d4d44f907afbd637919d326649bbdd8220a9c0a9b79341d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86326c92a6849682d4d44f907afbd637919d326649bbdd8220a9c0a9b79341d8.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:2756

memory/2756-4-0x00000000748F4000-0x0000000074C15000-memory.dmp

Filesize
3.1MB

Download
memory/2756-1-0x00000000746C0000-0x0000000075179000-memory.dmp

Filesize
10.7MB

Download
memory/2756-0-0x0000000001620000-0x0000000001621000-memory.dmp

Filesize
4KB

Download
memory/2756-5-0x00000000746C0000-0x0000000075179000-memory.dmp

Filesize
10.7MB

Download