68d3f9b59d8ca30e9972c520a763f07f3de3b508e8db844775956b2604069de6

Analysis

max time kernel
129s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 01:55

Target

68d3f9b59d8ca30e9972c520a763f07f3de3b508e8db844775956b2604069de6.dll
Size

280KB
MD5

6c49346d93e772e99e7bd9e32dd6960d
SHA1

653ca55efd91c4cad040c22f40b6837cbfccdb79
SHA256

68d3f9b59d8ca30e9972c520a763f07f3de3b508e8db844775956b2604069de6
SHA512

886f36103118f577e5c9f727dc630dae2e44c590299118d31391442a275f5980c0337aad638674a09079c4098beb5c3f759a97ee30eb80f5865942dcc27684a7
SSDEEP

3072:HpdnaV4rkDnUiCD50Aa+ibDeLtpoO3jShFirvZCiDP/YT3CkYq1MUh7s3/dgcCUc:HTn+4ronUyxbDQ2qh5DPKSIMIIv12

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 404	848	rundll32.exe	81
PID 848 wrote to memory of 404	848	rundll32.exe	81
PID 848 wrote to memory of 404	848	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68d3f9b59d8ca30e9972c520a763f07f3de3b508e8db844775956b2604069de6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68d3f9b59d8ca30e9972c520a763f07f3de3b508e8db844775956b2604069de6.dll,#1
  2⤵
  PID:404

memory/404-134-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download
memory/404-133-0x0000000000630000-0x000000000066C000-memory.dmp

Filesize
240KB

Download
memory/404-135-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download