c9d17aa2f2fe1dd62f3772766237dbc3ba79e0ca8698a2d8d6e62baf1d1edeac

Analysis

max time kernel
138s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:07

Target

c9d17aa2f2fe1dd62f3772766237dbc3ba79e0ca8698a2d8d6e62baf1d1edeac.dll
Size

125KB
MD5

76477bbd905de7b6bd572acc0f39e50a
SHA1

e8a7482dc7806013a769c8cba56afe44e83f45f3
SHA256

c9d17aa2f2fe1dd62f3772766237dbc3ba79e0ca8698a2d8d6e62baf1d1edeac
SHA512

fa4aa37101a57ac394b6dafdd545cfd94701112419086ed3ae7c9f46cb806289ee14f57fbd9abf2fa55a07fc7ff8904a930e9d966938d934c58304f9f26dd6f8
SSDEEP

1536:J2bKKlmWNCuRXGWNnCrv9mL1wfKjczsUMK0SftF9t6F3dzjQV0XFiUar:kbj0Wcu1dNCrVE6fhoSFQpNVFnar

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4984 wrote to memory of 3032	4984	rundll32.exe	rundll32.exe
PID 4984 wrote to memory of 3032	4984	rundll32.exe	rundll32.exe
PID 4984 wrote to memory of 3032	4984	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9d17aa2f2fe1dd62f3772766237dbc3ba79e0ca8698a2d8d6e62baf1d1edeac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9d17aa2f2fe1dd62f3772766237dbc3ba79e0ca8698a2d8d6e62baf1d1edeac.dll,#1
2⤵
PID:3032

memory/3032-132-0x0000000000000000-mapping.dmp

Download
memory/3032-133-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/3032-134-0x0000000000A20000-0x0000000000A33000-memory.dmp

Filesize
76KB

Download
memory/3032-136-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/3032-139-0x0000000000A20000-0x0000000000A33000-memory.dmp

Filesize
76KB

Download