d28a18e02e79524468e8fc3e49489e257b6bf1b20cfdc55a09f5bc0ca53fdf45

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 10:20

Target

d28a18e02e79524468e8fc3e49489e257b6bf1b20cfdc55a09f5bc0ca53fdf45.dll
Size

315KB
MD5

20710eab4efc1d3e8938dace9aff2e20
SHA1

2c5d51b73796ddfe69cdd97ef2fe35a6b55ddd25
SHA256

d28a18e02e79524468e8fc3e49489e257b6bf1b20cfdc55a09f5bc0ca53fdf45
SHA512

c58b19128a095bcb08af17229fe9367024c38a4c145e5c94177df081b904a3feda04ea62897deff6f9f85272d4a62d67ef99714315d00bb9cc6788a7f464d8fe
SSDEEP

6144:iYsmNf5bfClBORuB3lRDxEJXufXA89VFQtCxCDmTuOQTJE:NtNfZm/FxEJXuY89LQ0xCDNO+E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 4360	1248	rundll32.exe	83
PID 1248 wrote to memory of 4360	1248	rundll32.exe	83
PID 1248 wrote to memory of 4360	1248	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d28a18e02e79524468e8fc3e49489e257b6bf1b20cfdc55a09f5bc0ca53fdf45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d28a18e02e79524468e8fc3e49489e257b6bf1b20cfdc55a09f5bc0ca53fdf45.dll,#1
  2⤵
  PID:4360

memory/4360-133-0x0000000074BA0000-0x0000000074BF3000-memory.dmp

Filesize
332KB

Download
memory/4360-134-0x0000000074BA0000-0x0000000074BF3000-memory.dmp

Filesize
332KB

Download