b7031dad3f51e4b085217527c7dcf94e6006f5af2c4ac6bc13a07f932b625ee6

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 23:30

Target

b7031dad3f51e4b085217527c7dcf94e6006f5af2c4ac6bc13a07f932b625ee6.dll
Size

335KB
MD5

0e8b267229be165c94812f82c456570e
SHA1

0146b233985a96c04814149bb92f9dbaf600b4a1
SHA256

b7031dad3f51e4b085217527c7dcf94e6006f5af2c4ac6bc13a07f932b625ee6
SHA512

fcc0631967083a511829a3b0985774fa486b6b438b61d3fcb99c6395fd8c0457223623e3e2ac2f128ce3bc8104806935952952314f32058a53105afc8b04f0e6
SSDEEP

6144:L9fsK+JpRF2wxAo84JlXDn9hZMzMI49ENv:L9fszUo84bv2Ccv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 4840	2260	rundll32.exe	83
PID 2260 wrote to memory of 4840	2260	rundll32.exe	83
PID 2260 wrote to memory of 4840	2260	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7031dad3f51e4b085217527c7dcf94e6006f5af2c4ac6bc13a07f932b625ee6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7031dad3f51e4b085217527c7dcf94e6006f5af2c4ac6bc13a07f932b625ee6.dll,#1
  2⤵
  PID:4840

memory/4840-132-0x0000000000000000-mapping.dmp

Download
memory/4840-133-0x0000000002620000-0x0000000002678000-memory.dmp

Filesize
352KB

Download
memory/4840-137-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/4840-138-0x0000000000DF0000-0x0000000000E21000-memory.dmp

Filesize
196KB

Download