8c978e740bcfe2ea9f561648f41007c5b727d8883648aea70fc936421cad5e12

Analysis

max time kernel
171s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:42

Target

8c978e740bcfe2ea9f561648f41007c5b727d8883648aea70fc936421cad5e12.dll
Size

134KB
MD5

11dffe4f994ea992abc7363b43eb650d
SHA1

b458842b0c0ad51313389097d710fa80e989296e
SHA256

8c978e740bcfe2ea9f561648f41007c5b727d8883648aea70fc936421cad5e12
SHA512

4eb6c17a452a8a413a5fe7ff4025cac50806b0b9240dc28722b4dda1459dc97c580e01108117026738b1fc63ccce1859a5585b9412ad84d5b80aa8e7f9905abb
SSDEEP

3072:p81rcXSdcJDCEfsTYufEzu0WjYLFHqukkkkfkkkk4kkkZkk:x1JL8fEzuB2kkkkfkkkk4kkkZkk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1188 wrote to memory of 1048	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1048	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1048	1188	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c978e740bcfe2ea9f561648f41007c5b727d8883648aea70fc936421cad5e12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c978e740bcfe2ea9f561648f41007c5b727d8883648aea70fc936421cad5e12.dll,#1
2⤵
PID:1048

memory/1048-132-0x0000000000000000-mapping.dmp

Download
memory/1048-133-0x0000000000C40000-0x0000000000C53000-memory.dmp

Filesize
76KB

Download
memory/1048-135-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1048-138-0x0000000000C40000-0x0000000000C53000-memory.dmp

Filesize
76KB

Download