d84c248235d30d2f60314242cbd6b876941d7cd5e7c31896de0b1e655cf9269e

Analysis

max time kernel
247s
max time network
318s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:58

Target

d84c248235d30d2f60314242cbd6b876941d7cd5e7c31896de0b1e655cf9269e.dll
Size

80KB
MD5

2ccd0f3b84f4b9440c1908850687d885
SHA1

95339134d29c9a1a2634f265dad06fd3197295f8
SHA256

d84c248235d30d2f60314242cbd6b876941d7cd5e7c31896de0b1e655cf9269e
SHA512

5dbb98f6e7801355a171063460fe87befa0ce2a7518bfda67b930147830e3464b3434554517bccf4993d14fc58508d33036c59569493d8c13f304f2f893d5153
SSDEEP

1536:RW49N6IXJ6cI048FqA9UUOz3wupDHRA3hJcBAS:RJ9vdX48FqImz3wYDqUAS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2120 wrote to memory of 3604	2120	rundll32.exe	rundll32.exe
PID 2120 wrote to memory of 3604	2120	rundll32.exe	rundll32.exe
PID 2120 wrote to memory of 3604	2120	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d84c248235d30d2f60314242cbd6b876941d7cd5e7c31896de0b1e655cf9269e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d84c248235d30d2f60314242cbd6b876941d7cd5e7c31896de0b1e655cf9269e.dll,#1
2⤵
PID:3604