0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f

Analysis

max time kernel
93s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 16:23

Target

0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll
Size

290KB
MD5

2598e1ce160b1e9c77f4ebbcef9207ae
SHA1

a06a0d01a194df2db66a9e49d2593f1251b9c9b7
SHA256

0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f
SHA512

8e76e2da2ff2b59991a47b785a84c2a27c9bb860a48bb567218754cf548b4548a060a95efdc71acb487a8b735a5921cd1d2d86b3cc90ca7dafb41f9f26f3e608
SSDEEP

6144:j8MbawTYRgl1Xnz7yRW8wDk+5Qk6xdsJVwuHx21tDJFttlH:AMba4a+fyAgtrH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2560	2980	rundll32.exe	83
PID 2980 wrote to memory of 2560	2980	rundll32.exe	83
PID 2980 wrote to memory of 2560	2980	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0992d1c4b243b3f4ce8a4185f03696d6ec31d26e6fc80efa4dce7a6e8edfc92f.dll,#1
  2⤵
  PID:2560

memory/2560-133-0x0000000000B20000-0x0000000000B6F000-memory.dmp

Filesize
316KB

Download