3c881eb405da5a2ee365b98c836c979be7a68f9ee2d3ed83a9bf3dde75e8a379

Analysis

max time kernel
159s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 17:05

Target

3c881eb405da5a2ee365b98c836c979be7a68f9ee2d3ed83a9bf3dde75e8a379.dll
Size

51KB
MD5

60bb0d5637de997e4d4402542d333776
SHA1

3b7dd756be79ae96c66444bd40c81d4f93670179
SHA256

3c881eb405da5a2ee365b98c836c979be7a68f9ee2d3ed83a9bf3dde75e8a379
SHA512

20b0f51fdff2555ecbc378a12a328547cb8538e4ada3bca27a9919c13cb8c83aa0ea4f5b15d1ed83f0abeb21e8191b85a75951aceb3b39ab4e32443e9ae01f77
SSDEEP

768:eEf58XQOIw+9p6GDGBvWv7S8CI8XYXmREufjypC9hdzOhnCJmF5Z6tkTjby88mIn:7k876CGIv7S884mRgk/dzO5umFmo1K

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 2100	4560	rundll32.exe	69
PID 4560 wrote to memory of 2100	4560	rundll32.exe	69
PID 4560 wrote to memory of 2100	4560	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c881eb405da5a2ee365b98c836c979be7a68f9ee2d3ed83a9bf3dde75e8a379.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c881eb405da5a2ee365b98c836c979be7a68f9ee2d3ed83a9bf3dde75e8a379.dll,#1
  2⤵
  PID:2100

memory/2100-132-0x0000000000000000-mapping.dmp

Download
memory/2100-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download