530a6e800945018f9b285aa616a98a582e13f6a8480cf316613efffe772706a6

Analysis

max time kernel
139s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 22:59

Target

530a6e800945018f9b285aa616a98a582e13f6a8480cf316613efffe772706a6.dll
Size

709KB
MD5

ad6573f3996d95cf17f676ab7c2d643f
SHA1

94a308f23053a89e549d30f001626ad766f8ee6d
SHA256

530a6e800945018f9b285aa616a98a582e13f6a8480cf316613efffe772706a6
SHA512

ffa5be767cd049098c2838ac0814944e10cd5c4eae21598e59cec2b325e15b793b978a483ca85a015ef1badb0ea0d602b8d93500ef6ea093979330b37f2529c6
SSDEEP

12288:AQNbS6pR/FB8JtSj7LKM9Goz+OGGnpJ6CuDXr4N/6a+3AH1INKUMd:A4bzph38Duc8+fGnpA+h6lAVIUUMd

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	1084	rundll32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1084	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1084	1624	rundll32.exe	84
PID 1624 wrote to memory of 1084	1624	rundll32.exe	84
PID 1624 wrote to memory of 1084	1624	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\530a6e800945018f9b285aa616a98a582e13f6a8480cf316613efffe772706a6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\530a6e800945018f9b285aa616a98a582e13f6a8480cf316613efffe772706a6.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1084

memory/1084-2-0x0000000074B20000-0x0000000074C87000-memory.dmp

Filesize
1.4MB

Download
memory/1084-0-0x0000000074B20000-0x0000000074C87000-memory.dmp

Filesize
1.4MB

Download