dd8cd943044e459d9f463969b995dc92b2dc7839748c0510db5aac9cc47fcd16

Analysis

max time kernel
142s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 07:11

Target

dd8cd943044e459d9f463969b995dc92b2dc7839748c0510db5aac9cc47fcd16.dll
Size

452KB
MD5

2d46a9b54f14e8000e5e70b8cf0a79c0
SHA1

a8932251cb41e557e2a9163b993c2dab3abe9d80
SHA256

dd8cd943044e459d9f463969b995dc92b2dc7839748c0510db5aac9cc47fcd16
SHA512

d1e16fa227b9d0a38663bb557822edf4c2fa4935dde1b764a553a3dc2f83d3496f8fc91f8c34b8ae8a7792162354f1e07dc8c2089857915ade5eeca05447d71c
SSDEEP

12288:UJ7BTXMvWOIDdmrHuUYW+UWGNES1q881tzNEWDl80nprcPiQWG+cHm:GZysSEAiTKW9cPH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 4468	1116	rundll32.exe	81
PID 1116 wrote to memory of 4468	1116	rundll32.exe	81
PID 1116 wrote to memory of 4468	1116	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd8cd943044e459d9f463969b995dc92b2dc7839748c0510db5aac9cc47fcd16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd8cd943044e459d9f463969b995dc92b2dc7839748c0510db5aac9cc47fcd16.dll,#1
  2⤵
  PID:4468

memory/4468-133-0x00000000020F0000-0x0000000002161000-memory.dmp

Filesize
452KB

Download
memory/4468-137-0x0000000000760000-0x0000000000794000-memory.dmp

Filesize
208KB

Download
memory/4468-138-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download