215c6d869038a2bc0ec9925cc4c6ce0709fa0ee38caaf471670d7d697fe9a38a

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 11:12

Target

215c6d869038a2bc0ec9925cc4c6ce0709fa0ee38caaf471670d7d697fe9a38a.dll
Size

135KB
MD5

11d37ed46cc51511d7f06962b43796c0
SHA1

251e8fa2287915bd14824aaee039a941e7c6e51c
SHA256

215c6d869038a2bc0ec9925cc4c6ce0709fa0ee38caaf471670d7d697fe9a38a
SHA512

392749b4c0e89f16b4c88025ffc0f59ace44c854f926e9b6e42d19793ed1d0b8c80e299078f9dfaa4fa9e551807288896167197456a3dc9a229317a2426ed540
SSDEEP

3072:pR7HPkdbHiwrFTQ1Ir1Bl8L4ZTgZ3WxbxHlVMvUmVZaIA3:vkbHiaFTsulPLZxrMr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 3436	1328	rundll32.exe	83
PID 1328 wrote to memory of 3436	1328	rundll32.exe	83
PID 1328 wrote to memory of 3436	1328	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\215c6d869038a2bc0ec9925cc4c6ce0709fa0ee38caaf471670d7d697fe9a38a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\215c6d869038a2bc0ec9925cc4c6ce0709fa0ee38caaf471670d7d697fe9a38a.dll,#1
  2⤵
  PID:3436

memory/3436-133-0x000000001FE60000-0x000000001FE87000-memory.dmp

Filesize
156KB

Download