220f6b0324d8d7c2fbe20c6fba98a4d762cca88147bb6ce85adcce9146293324

Analysis

max time kernel
107s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 05:07

Target

220f6b0324d8d7c2fbe20c6fba98a4d762cca88147bb6ce85adcce9146293324.dll
Size

10KB
MD5

8122dfae1094418c95a6f1843a6d08b4
SHA1

32be9187df1780afecd812cd545f91c9712ee3c9
SHA256

220f6b0324d8d7c2fbe20c6fba98a4d762cca88147bb6ce85adcce9146293324
SHA512

0b6dbcc1b6660fbe3f9156875f054658260da8ffe3a05afb0e9499661647b178939c60cf9041e69e716516ea3994317faa5f072a672c5461e70046479cfb65a5
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w9wb:6dHad/N20IypWak8dWiWak8EdWx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2372	2792	rundll32.exe	82
PID 2792 wrote to memory of 2372	2792	rundll32.exe	82
PID 2792 wrote to memory of 2372	2792	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\220f6b0324d8d7c2fbe20c6fba98a4d762cca88147bb6ce85adcce9146293324.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\220f6b0324d8d7c2fbe20c6fba98a4d762cca88147bb6ce85adcce9146293324.dll,#1
  2⤵
  PID:2372

memory/2372-136-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download