c219f740d8af2031ab623e4e4282484189eff5f55e74abce4e153ccadb4c7818

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 06:18

Target

c219f740d8af2031ab623e4e4282484189eff5f55e74abce4e153ccadb4c7818.dll
Size

48KB
MD5

4fe19cabb17f9ddfe592083970b4ca79
SHA1

06eb9382f72e7279afcd9292503803d4c392c1da
SHA256

c219f740d8af2031ab623e4e4282484189eff5f55e74abce4e153ccadb4c7818
SHA512

6b28b51080d2a88c12d9d440f8d9111b6fad442b940b2bce2fba718a00e650413739b1450518349e116c2f46d8451e1956927ce056dd6875fe924e84889bcaa0
SSDEEP

768:DLSLeoPrxwCnJgb4RVnEohTyhX/zXo9g08q:DLiPrlm0EohOdbot3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 3368	2264	rundll32.exe	83
PID 2264 wrote to memory of 3368	2264	rundll32.exe	83
PID 2264 wrote to memory of 3368	2264	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c219f740d8af2031ab623e4e4282484189eff5f55e74abce4e153ccadb4c7818.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c219f740d8af2031ab623e4e4282484189eff5f55e74abce4e153ccadb4c7818.dll,#1
  2⤵
  PID:3368

memory/3368-132-0x0000000000000000-mapping.dmp

Download
memory/3368-133-0x00000000023B0000-0x0000000002486000-memory.dmp

Filesize
856KB

Download