2b2dc2cb9374c3e15de718981e174c88c9bc24e0af19d33c56d1dd1c0107bcd0

Analysis

max time kernel
134s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 05:18

Target

2b2dc2cb9374c3e15de718981e174c88c9bc24e0af19d33c56d1dd1c0107bcd0.dll
Size

135KB
MD5

2de7a1aad2da8d409884de321823f6d9
SHA1

8d8cd005f9dd351b5a82e64aebae8fa2e1310b29
SHA256

2b2dc2cb9374c3e15de718981e174c88c9bc24e0af19d33c56d1dd1c0107bcd0
SHA512

937b6cc30084df8768b48465df8953624df7ae0ea7ebfd2c3289856d42be16d7bcdf2dadf94e99b741883ed7b08bbdec27cfe68b56f612019dbe1cdffc04f2c2
SSDEEP

1536:cwRoHwaRLqfo+RQslqC5hBXRDaceixHDyo/Jrc9LrBH1OC5rggwHWQFgE/XuCCR5:C+WchXoUNFfnmTY+paQvH58e

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2560	2256	rundll32.exe	81
PID 2256 wrote to memory of 2560	2256	rundll32.exe	81
PID 2256 wrote to memory of 2560	2256	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b2dc2cb9374c3e15de718981e174c88c9bc24e0af19d33c56d1dd1c0107bcd0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b2dc2cb9374c3e15de718981e174c88c9bc24e0af19d33c56d1dd1c0107bcd0.dll,#1
  2⤵
  PID:2560

memory/2560-133-0x000000006D310000-0x000000006D336000-memory.dmp

Filesize
152KB

Download