3343fd81b6c3f92a53b65c2e95920bb05d05e884fc94580a8d8f66f374238d04

Analysis

max time kernel
179s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 09:17

Target

3343fd81b6c3f92a53b65c2e95920bb05d05e884fc94580a8d8f66f374238d04.dll
Size

188KB
MD5

3b77fc55b8ff01900f8645ca3144da58
SHA1

a9659d3aa5f84cb3d553f59af6b42233f523b6f1
SHA256

3343fd81b6c3f92a53b65c2e95920bb05d05e884fc94580a8d8f66f374238d04
SHA512

07043bc1da77a1072b4546452c4be7522bf9ea6a3aa54c9717bb46ec37cb08015602b05dcf0d77e2a6f241a331327680a6c6091594613cea37512729b5c8c7d2
SSDEEP

1536:4aIHIJkuvfZ/AuwXdWt87Ca6LkBGHeh3wkXcXUhnaSa01hhN5YsfX1bk4zPyQkEn:LkyxvfGXHa4KkXcXyN3g4zPXk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 3236	4832	rundll32.exe	79
PID 4832 wrote to memory of 3236	4832	rundll32.exe	79
PID 4832 wrote to memory of 3236	4832	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3343fd81b6c3f92a53b65c2e95920bb05d05e884fc94580a8d8f66f374238d04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3343fd81b6c3f92a53b65c2e95920bb05d05e884fc94580a8d8f66f374238d04.dll,#1
  2⤵
  PID:3236

memory/3236-133-0x0000000010000000-0x0000000010036000-memory.dmp

Filesize
216KB

Download