b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25

Analysis

max time kernel
104s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:21

Target

b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25.dll
Size

65KB
MD5

586461220debc3120aa5aa2aa1c0a723
SHA1

da7df07441fc2ae51fae095845e5f6717cb3558c
SHA256

b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25
SHA512

c483f79af560ba9a09395fd8de5bb5497498393f0e950306e3d706e66dd7084094dfd08d46c45c9c9e9b2b35890a79c7a78e8d926f04149ab14824ccdf69dd97
SSDEEP

768:9dkl/S28qHqfO1YkIYkOYqgmhhhfDVevQcnCSDCOehh2vd9ayK74UAMEGzsmKQkw:9GSRqHq21UYzyok4QCJOpv7ayK7HX5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4252 wrote to memory of 1312	4252	rundll32.exe	rundll32.exe
PID 4252 wrote to memory of 1312	4252	rundll32.exe	rundll32.exe
PID 4252 wrote to memory of 1312	4252	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4252

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25.dll,#1
2⤵
PID:1312

memory/1312-132-0x0000000000000000-mapping.dmp

Download
memory/1312-133-0x0000000000910000-0x0000000000924000-memory.dmp

Filesize
80KB

Download
memory/1312-134-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download
memory/1312-135-0x0000000000910000-0x0000000000924000-memory.dmp

Filesize
80KB

Download
memory/1312-136-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download