3d1fd220e2da016f1000fbf7994e5aed3f09ed1894652a1f1f2d56c17741dac9

Analysis

max time kernel
178s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 17:08

Target

3d1fd220e2da016f1000fbf7994e5aed3f09ed1894652a1f1f2d56c17741dac9.dll
Size

226KB
MD5

0cf9c8e268c03ef887cb0b800d3c2926
SHA1

6bf9a8bc34bf362f388d1ed4ace86c46b9428353
SHA256

3d1fd220e2da016f1000fbf7994e5aed3f09ed1894652a1f1f2d56c17741dac9
SHA512

6d5d981a3c8ca83a27354453f940000c6a890834258f5da0539d11c25c90d83a71503cff815a77bfb8813314ca8e61ed07a3aa86b169b56b52f4ea70bbe7553c
SSDEEP

6144:B6ELlYE7/hAZUvPucYE05eLCjEMoDyuI5:gJ8hiU+HwMoD9W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 3548	4192	rundll32.exe	78
PID 4192 wrote to memory of 3548	4192	rundll32.exe	78
PID 4192 wrote to memory of 3548	4192	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d1fd220e2da016f1000fbf7994e5aed3f09ed1894652a1f1f2d56c17741dac9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d1fd220e2da016f1000fbf7994e5aed3f09ed1894652a1f1f2d56c17741dac9.dll,#1
  2⤵
  PID:3548

memory/3548-133-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download