9e39283a0b2201fcfb52f6e1557dfa1cc469fdaf5828be54c5c4f22fa6885236

Analysis

max time kernel
158s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 07:31

Target

9e39283a0b2201fcfb52f6e1557dfa1cc469fdaf5828be54c5c4f22fa6885236.dll
Size

45KB
MD5

81725c83b80876e8118c0a956a05d91e
SHA1

2daf16faf9dc72e70096bb1f4e3508a3d01e1f83
SHA256

9e39283a0b2201fcfb52f6e1557dfa1cc469fdaf5828be54c5c4f22fa6885236
SHA512

346a8c210caedf67379bf99b8ecd07a15984197c44b280a90ef3af5dbc0a39bb489d95a06676819a90cc708d5faf071655ccf783658c9107b9e4abab8950918e
SSDEEP

768:eZZcEiaUVHmgOMtitTjxyNq5ewMwkjw5I9tGzADjMl6t:ebcfaUC4WTQNqNfkjw2GHl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4780	4736	rundll32.exe	81
PID 4736 wrote to memory of 4780	4736	rundll32.exe	81
PID 4736 wrote to memory of 4780	4736	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e39283a0b2201fcfb52f6e1557dfa1cc469fdaf5828be54c5c4f22fa6885236.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e39283a0b2201fcfb52f6e1557dfa1cc469fdaf5828be54c5c4f22fa6885236.dll,#1
  2⤵
  PID:4780

memory/4780-133-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download