dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1

Analysis

max time kernel
91s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 04:20

Target

dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1.dll
Size

856KB
MD5

2731f7363f3fab2cabd0c45a461eb9e9
SHA1

e05d080668af4767b453e7c2d9ff29f1afd595bc
SHA256

dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1
SHA512

f731b9aa3759b8c92c92a9225f56b307e8e76709e7be48276f84eca0ae2286b18e2d50a487bcf60db64f4802ecb0c12a0996433ea133a014efa58a684be24e43
SSDEEP

24576:qDMg1ejvXydkJaf8YOtmnP3gkd0W4vOa:EMPjvCKafnPPrrKO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 932	2664	rundll32.exe	81
PID 2664 wrote to memory of 932	2664	rundll32.exe	81
PID 2664 wrote to memory of 932	2664	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcf3a9f5870f41e132a76683d7ac8212ea7830e916488f99b6b7d768af5331c1.dll,#1
  2⤵
  PID:932

memory/932-133-0x0000000002110000-0x0000000002294000-memory.dmp

Filesize
1.5MB

Download
memory/932-134-0x0000000000850000-0x0000000000853000-memory.dmp

Filesize
12KB

Download