a48dd7d4bc9095b2df20e2b67649c13ef2cc968ce844edd4308365a7e7bfb7a4

Analysis

max time kernel
188s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 22:02

Target

a48dd7d4bc9095b2df20e2b67649c13ef2cc968ce844edd4308365a7e7bfb7a4.dll
Size

47KB
MD5

90de3177ab50b28ce54033627c118d8a
SHA1

24773f08db609c80592b50a352cf90a9cb897130
SHA256

a48dd7d4bc9095b2df20e2b67649c13ef2cc968ce844edd4308365a7e7bfb7a4
SHA512

06459cb09ec810c1d1ea9cab35250417fef0358ffea82aa7932e3101214df4e5ef5a70c42f5bfbf82f4d8f9671c7fcdac453b786122b8eab96282ac5278df685
SSDEEP

768:6oRaib3N5TDnp222BR6OF8PGCJFXNkPg2Cq/XUJiVHtAk/MUs+:6INfxeb0RHdiVTtb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 1204	4788	rundll32.exe	81
PID 4788 wrote to memory of 1204	4788	rundll32.exe	81
PID 4788 wrote to memory of 1204	4788	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a48dd7d4bc9095b2df20e2b67649c13ef2cc968ce844edd4308365a7e7bfb7a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a48dd7d4bc9095b2df20e2b67649c13ef2cc968ce844edd4308365a7e7bfb7a4.dll,#1
  2⤵
  PID:1204

memory/1204-133-0x0000000000870000-0x000000000087F000-memory.dmp

Filesize
60KB

Download
memory/1204-134-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1204-135-0x0000000000870000-0x000000000087F000-memory.dmp

Filesize
60KB

Download
memory/1204-136-0x0000000000870000-0x000000000087F000-memory.dmp

Filesize
60KB

Download
memory/1204-137-0x0000000000870000-0x000000000087F000-memory.dmp

Filesize
60KB

Download