d440d728d8944008d58f2c5b3aa400a296f35ce675fa45b949607772df7eaf64

Analysis

max time kernel
153s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:01

Target

d440d728d8944008d58f2c5b3aa400a296f35ce675fa45b949607772df7eaf64.dll
Size

348KB
MD5

b1b797f82cf829020590674836f4f294
SHA1

8eb70c0bf1867f721d6158608b832b83f0a66285
SHA256

d440d728d8944008d58f2c5b3aa400a296f35ce675fa45b949607772df7eaf64
SHA512

175b4f144cc9af2ec844fcac92f04c56fd359982be74751b6035aa078ef38714e8c395d2ffd0de4f85b9a947bf83af3193f243a77c59fe627370fd49b1947237
SSDEEP

6144:K64keXUY5/FMuP2q8iQeeaQeepQeesQeeGrQeehQeeHOg4oV4GTO+MvsY:KFdXUYBFM6Dgn52

Score

8^/10

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

31 3380 rundll32.exe

flow	pid	process
31	3380	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4292 wrote to memory of 3380	4292	rundll32.exe	rundll32.exe
PID 4292 wrote to memory of 3380	4292	rundll32.exe	rundll32.exe
PID 4292 wrote to memory of 3380	4292	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d440d728d8944008d58f2c5b3aa400a296f35ce675fa45b949607772df7eaf64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4292

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d440d728d8944008d58f2c5b3aa400a296f35ce675fa45b949607772df7eaf64.dll,#1
2⤵
- Blocklisted process makes network request
PID:3380