21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9

Analysis

max time kernel
131s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 07:05

Target

21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9.dll
Size

359KB
MD5

60c4cb191bd11ccd0bf9de4c84cc6bf5
SHA1

311600d031e660e2f2f947168cafe9586cb83ebb
SHA256

21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9
SHA512

de95387330658ddb3dc887563fb1c20ae839974863b2bd276c1382c5791d747fef1106f3af4b2b6c82c1cb8cef2bc4b0ccff7f369ec626f4cf10c8a500ba39b6
SSDEEP

6144:BwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:CkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 3636	3688	rundll32.exe	81
PID 3688 wrote to memory of 3636	3688	rundll32.exe	81
PID 3688 wrote to memory of 3636	3688	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21d3872039f70e9391126e70da8b9cf85c22c8a71e878c906983ecb321bfc7b9.dll,#1
  2⤵
  PID:3636

memory/3636-133-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download
memory/3636-134-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download