056d3d086819fe8e6eccd381c8d20c7ec90ff5da8b1a3f98a42b6f65ed733c83

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 07:06

Target

056d3d086819fe8e6eccd381c8d20c7ec90ff5da8b1a3f98a42b6f65ed733c83.dll
Size

10KB
MD5

606992feb69125e0918c40588af16942
SHA1

63aa0e66e65653838c9cf6877ae64fcccf39df63
SHA256

056d3d086819fe8e6eccd381c8d20c7ec90ff5da8b1a3f98a42b6f65ed733c83
SHA512

897f4e8929a03d10a0191902a03b622354208c1c0d4f83525d1214d47afbe2fa2abec1748990f881ef744b7eec88b519914853d65579150dd9cc9595abc925ed
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b:6dHad/N20IypWak8dWiWak8EdW7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 820	4724	rundll32.exe	84
PID 4724 wrote to memory of 820	4724	rundll32.exe	84
PID 4724 wrote to memory of 820	4724	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\056d3d086819fe8e6eccd381c8d20c7ec90ff5da8b1a3f98a42b6f65ed733c83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\056d3d086819fe8e6eccd381c8d20c7ec90ff5da8b1a3f98a42b6f65ed733c83.dll,#1
  2⤵
  PID:820

memory/820-132-0x0000000000000000-mapping.dmp

Download
memory/820-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download