d9052e32b94a1134e57b0c9a89a2e32fa63a1a60967d2c778fa5a5a69b057f58

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 19:54

Target

d9052e32b94a1134e57b0c9a89a2e32fa63a1a60967d2c778fa5a5a69b057f58.dll
Size

253KB
MD5

7155de08565d72a033fcfa07d4fa1ce0
SHA1

8a904416360441ada88efcdf969d303634f27100
SHA256

d9052e32b94a1134e57b0c9a89a2e32fa63a1a60967d2c778fa5a5a69b057f58
SHA512

71476ce70cd0bb5498c675f5abdbe39fea1e975fef5e6817c4da2453c1100b4d60219286837ea9c5ffd5b3b68fa759fcac4d2971c1a7039b0c34154d91b5f1b3
SSDEEP

6144:Mn1IV5RWsjNKFFkQLkwsq7Ok/hmP62S4hW6MdLawj+o+MOZPlCmcyqjnZyvy9H+8:C1wRWsjNKF2BL0n/hmP660Ckks

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4880	4964	rundll32.exe	81
PID 4964 wrote to memory of 4880	4964	rundll32.exe	81
PID 4964 wrote to memory of 4880	4964	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9052e32b94a1134e57b0c9a89a2e32fa63a1a60967d2c778fa5a5a69b057f58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9052e32b94a1134e57b0c9a89a2e32fa63a1a60967d2c778fa5a5a69b057f58.dll,#1
  2⤵
  PID:4880

memory/4880-133-0x0000000074D70000-0x0000000074DB3000-memory.dmp

Filesize
268KB

Download
memory/4880-134-0x0000000074D70000-0x0000000074DB3000-memory.dmp

Filesize
268KB

Download