d745cb95210304e9ab5f70855ed3f30647b2fc4a7d014d9fcdd238d09699d073

Analysis

max time kernel
90s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2022, 01:47

Target

d745cb95210304e9ab5f70855ed3f30647b2fc4a7d014d9fcdd238d09699d073.dll
Size

2.0MB
MD5

1ddbc4523d0589797effe6b8601ae899
SHA1

2a2dff7172f2a0f74e5bb869b18c080a1a33e33a
SHA256

d745cb95210304e9ab5f70855ed3f30647b2fc4a7d014d9fcdd238d09699d073
SHA512

256ffda5d0b132d939f9d23ebbd529856d02b7c3768e875bc78db77b827e23ec5e27e5b67b70a48e75b65a1d69a68a2df659745e789a101f102cd04f562f2ff6
SSDEEP

24576:9t/9Fh821Zotk41+4npC28FJngG1f9Eg+orQNWtOTZxWK/C16989cYCYSj8S8KW5:9t/fCcbmgDQAtO18X62IYShWokF77z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 4804	1688	rundll32.exe	81
PID 1688 wrote to memory of 4804	1688	rundll32.exe	81
PID 1688 wrote to memory of 4804	1688	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d745cb95210304e9ab5f70855ed3f30647b2fc4a7d014d9fcdd238d09699d073.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d745cb95210304e9ab5f70855ed3f30647b2fc4a7d014d9fcdd238d09699d073.dll,#1
  2⤵
  PID:4804

memory/4804-133-0x0000000002140000-0x000000000233B000-memory.dmp

Filesize
2.0MB

Download
memory/4804-135-0x0000000002C30000-0x0000000002D52000-memory.dmp

Filesize
1.1MB

Download
memory/4804-134-0x00000000029E0000-0x0000000002B01000-memory.dmp

Filesize
1.1MB

Download
memory/4804-136-0x0000000002D60000-0x0000000002E28000-memory.dmp

Filesize
800KB

Download
memory/4804-137-0x0000000002E30000-0x0000000002EE2000-memory.dmp

Filesize
712KB

Download
memory/4804-140-0x0000000002C30000-0x0000000002D52000-memory.dmp

Filesize
1.1MB

Download