d1e875483043362282d5c80130d6544fdda1e7cb4ec0f90230da9c856ffcddec

Analysis

max time kernel
159s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:00

Target

d1e875483043362282d5c80130d6544fdda1e7cb4ec0f90230da9c856ffcddec.dll
Size

466KB
MD5

504d2969f1fc7a420b2131f17cfa3820
SHA1

34c293d0499dff5e83baaa2438cbca1040085f8f
SHA256

d1e875483043362282d5c80130d6544fdda1e7cb4ec0f90230da9c856ffcddec
SHA512

187ccb901ee90dbb97eb86dce5cc2df3d34c9b77b6a00de1a1d0a1527090debccf7d9235d45b259d1d7900f304da5b59b41b890a90da8db3177272c4b7f1c5d6
SSDEEP

12288:kxbSegmED5xY7ODMjmrIW/7v7rd0rEfQu:ObSegmEDKODMjm0W//x0rEfQu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2156 wrote to memory of 4576	2156	rundll32.exe	rundll32.exe
PID 2156 wrote to memory of 4576	2156	rundll32.exe	rundll32.exe
PID 2156 wrote to memory of 4576	2156	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1e875483043362282d5c80130d6544fdda1e7cb4ec0f90230da9c856ffcddec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2156

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1e875483043362282d5c80130d6544fdda1e7cb4ec0f90230da9c856ffcddec.dll,#1
2⤵
PID:4576

memory/4576-132-0x0000000000000000-mapping.dmp

Download
memory/4576-133-0x0000000074990000-0x0000000074A08000-memory.dmp

Filesize
480KB

Download