c9a107094f52ee035848c4e8a33fbdf1db69f88ef2b985956c952b35a44653ec

Analysis

max time kernel
141s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 17:30

Target

c9a107094f52ee035848c4e8a33fbdf1db69f88ef2b985956c952b35a44653ec.dll
Size

784KB
MD5

84184498aab31849757c8c7993e76c93
SHA1

5b52a76eb7451490d66219f7d0a77fa3c55268d0
SHA256

c9a107094f52ee035848c4e8a33fbdf1db69f88ef2b985956c952b35a44653ec
SHA512

88e6962af122afa22283f7d1ed0ed79c0e1eefbab287973fad4275e2742226699738504aaed04d52da921843015cf7e2dca25a7a2a4f6c98c997f8346560d637
SSDEEP

12288:jona9bm1i4Kho/D80RlmRWdJeFfzK7p2qgqI9Ao5U1Im3pHQCaOOfY:cna9i1i4Kho/D1tJeFf62k9IhY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 808	4976	rundll32.exe	81
PID 4976 wrote to memory of 808	4976	rundll32.exe	81
PID 4976 wrote to memory of 808	4976	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9a107094f52ee035848c4e8a33fbdf1db69f88ef2b985956c952b35a44653ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9a107094f52ee035848c4e8a33fbdf1db69f88ef2b985956c952b35a44653ec.dll,#1
  2⤵
  PID:808

memory/808-133-0x0000000010000000-0x00000000100E6000-memory.dmp

Filesize
920KB

Download