d7c02c3bc476ee2f7c01423d73c4cfb0a2e07471558753d3809d1dec28dc1ea2

Analysis

max time kernel
150s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:47

Target

d7c02c3bc476ee2f7c01423d73c4cfb0a2e07471558753d3809d1dec28dc1ea2.dll
Size

416KB
MD5

e1f103446793cfc16c0cf5246130923d
SHA1

45546696f492c688b97cd6dc4da5451bf4ab20f0
SHA256

d7c02c3bc476ee2f7c01423d73c4cfb0a2e07471558753d3809d1dec28dc1ea2
SHA512

03759afcc7ee458a8633c878108a20f457c34cf544b9d54a3cd9c01b0d541784266d250dade20a9fbbe1383638220b984511b228c0d687e1e99c9b6d1a11eee1
SSDEEP

12288:Al6PZwcJ05yalVvrsHsUcACu63RXn0VAbp9:e6hw+dalVvwMBACu0Agp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2876 wrote to memory of 3664	2876	rundll32.exe	rundll32.exe
PID 2876 wrote to memory of 3664	2876	rundll32.exe	rundll32.exe
PID 2876 wrote to memory of 3664	2876	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7c02c3bc476ee2f7c01423d73c4cfb0a2e07471558753d3809d1dec28dc1ea2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7c02c3bc476ee2f7c01423d73c4cfb0a2e07471558753d3809d1dec28dc1ea2.dll,#1
2⤵
PID:3664

memory/3664-132-0x0000000000000000-mapping.dmp

Download
memory/3664-133-0x0000000000390000-0x0000000000400000-memory.dmp

Filesize
448KB

Download