65219dc30904525aab7716de4550a8d2718b9969bd1142cbc67f5a6e751c7cef

Analysis

max time kernel
59s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 22:42

Target

65219dc30904525aab7716de4550a8d2718b9969bd1142cbc67f5a6e751c7cef.dll
Size

216KB
MD5

77e3fb272c73c279a85b53f0b354599e
SHA1

dc565a64c946b1e50209df0263f4c0cce35dee50
SHA256

65219dc30904525aab7716de4550a8d2718b9969bd1142cbc67f5a6e751c7cef
SHA512

650a83776dd3f3c43e5cfb1f7403422eadc5e41794f9926686b709beb49d65cfe95510256174f5d0229ad027983d976a9de097ef0bf4da7d8b9c3946da27f7b6
SSDEEP

3072:ylAHHlWAI+9+b1izU0uodPtHYoLuJeFzWOuV4fEJvV19yg:VlWAI+9+b4UM6oCJ+FfEJvV15

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
1980	rundll32mgr.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 5080	4588	rundll32.exe	80
PID 4588 wrote to memory of 5080	4588	rundll32.exe	80
PID 4588 wrote to memory of 5080	4588	rundll32.exe	80
PID 5080 wrote to memory of 1980	5080	rundll32.exe	81
PID 5080 wrote to memory of 1980	5080	rundll32.exe	81
PID 5080 wrote to memory of 1980	5080	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65219dc30904525aab7716de4550a8d2718b9969bd1142cbc67f5a6e751c7cef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65219dc30904525aab7716de4550a8d2718b9969bd1142cbc67f5a6e751c7cef.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:5080
- - C:\Windows\SysWOW64\rundll32mgr.exe
    C:\Windows\SysWOW64\rundll32mgr.exe
    3⤵
    - Executes dropped EXE
    PID:1980

C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
73KB

MD5
9df5f7fb921486c04781cad71d7db727

SHA1
9ed18300776a2397e586073a95e7e992f031a25a

SHA256
eed3c298db97d168df30af01e8da55b325eace743a954950ce4cd83412593b0f

SHA512
1267c2062ad742a446da93919df01af07b2e53b678f9e74511e174ac8f1a2e19b70651ecc16a913402d298e4b65a08d1f41316c55d8f0a9fb38010b268a5be2d

Download Submit
C:\Windows\SysWOW64\rundll32mgr.exe

Filesize
73KB

MD5
9df5f7fb921486c04781cad71d7db727

SHA1
9ed18300776a2397e586073a95e7e992f031a25a

SHA256
eed3c298db97d168df30af01e8da55b325eace743a954950ce4cd83412593b0f

SHA512
1267c2062ad742a446da93919df01af07b2e53b678f9e74511e174ac8f1a2e19b70651ecc16a913402d298e4b65a08d1f41316c55d8f0a9fb38010b268a5be2d

Download Submit
memory/5080-136-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download