979ce8d9abd81ebe9666958f60da829177d615272fce05abdd3b63c9488d386d

Analysis

max time kernel
180s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 17:17

Target

979ce8d9abd81ebe9666958f60da829177d615272fce05abdd3b63c9488d386d.dll
Size

343KB
MD5

659e57fe9611c83b45bfb02f0a38a1c0
SHA1

b876d20b52d4cddda93326d2ee3fbe3c2df3145d
SHA256

979ce8d9abd81ebe9666958f60da829177d615272fce05abdd3b63c9488d386d
SHA512

02a770000e3385f2da32d4cf46ec3c6451363a4c63fb1da7195fdbb9b1f2a11c236bd85f8a81e226e012b3a9a9341403a9f0031b940527cbce2f09ce8b89b3bf
SSDEEP

3072:7/+JR2BNtlt0ntfjNOVzV5kqTX0nj5XEAprAgSJUJP28ZulWsXbds:7/+JR2BNtlt0trN1nhEApkggqPHZLZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 728	4824	rundll32.exe	81
PID 4824 wrote to memory of 728	4824	rundll32.exe	81
PID 4824 wrote to memory of 728	4824	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\979ce8d9abd81ebe9666958f60da829177d615272fce05abdd3b63c9488d386d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\979ce8d9abd81ebe9666958f60da829177d615272fce05abdd3b63c9488d386d.dll,#1
  2⤵
  PID:728

memory/728-133-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download