489d9097c724c634175bf5caeb4a4e319c1b1f28a2176be303aa6d37ccf60f30

Analysis

max time kernel
130s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 06:39

Target

489d9097c724c634175bf5caeb4a4e319c1b1f28a2176be303aa6d37ccf60f30.dll
Size

10KB
MD5

2193747b0c4c7c599e5aa33a5db36b68
SHA1

9591f88f1840b0db137a89519fd7658753c98575
SHA256

489d9097c724c634175bf5caeb4a4e319c1b1f28a2176be303aa6d37ccf60f30
SHA512

1ec3c87e389d546761e28aef14c5015177462b73bba6772c4d1a7ae20ed16db27962375bca386307ffa5da159e42cf38846e802162ac80148a89a7fb0dcb6103
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b:6dHad/N20IypWak8dWiWak8EdW7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 3440	4920	rundll32.exe	83
PID 4920 wrote to memory of 3440	4920	rundll32.exe	83
PID 4920 wrote to memory of 3440	4920	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\489d9097c724c634175bf5caeb4a4e319c1b1f28a2176be303aa6d37ccf60f30.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\489d9097c724c634175bf5caeb4a4e319c1b1f28a2176be303aa6d37ccf60f30.dll,#1
  2⤵
  PID:3440

memory/3440-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download