9503a7c255e4388459ec68063e49e5f6698f664a591c143b16a8cae883d7bddd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:17

Target

0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll
Size

505KB
MD5

9169864057eaed7f170c615ec711cb40
SHA1

db9422e6e9681effbf3eaf1fd01c9d3e5cfd5273
SHA256

9503a7c255e4388459ec68063e49e5f6698f664a591c143b16a8cae883d7bddd
SHA512

0077a4946a80c5e3701ffd50263638bba0b24e7f5eb38a8771e5f6c9f6d98d41c862f19431bd9030033e40fbfb7e85a16c40e2c5e7dd08e65151b4cc749cf989
SSDEEP

6144:VCVHWA+UG7KVisYTnad3ZdfZOOJ4bp5pu43vU:VsW5hNTad3NOm4bHc8U

Score

8^/10

Blocklisted process makes network request 6 IoCs

Processes:

rundll32.exe

flow pid process

4 800 rundll32.exe
12 800 rundll32.exe
29 800 rundll32.exe
33 800 rundll32.exe
40 800 rundll32.exe
45 800 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 800	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 800	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 800	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:800

memory/800-132-0x0000000000000000-mapping.dmp

Download
memory/800-133-0x0000000000BD0000-0x0000000000BD7000-memory.dmp

Filesize
28KB

Download