83d6ce438b8301bcbdd84d1d6eb3ccb5ff4e8c0e6ff4131af089c638e75edcc9

Analysis

max time kernel
234s
max time network
259s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:02

Target

83d6ce438b8301bcbdd84d1d6eb3ccb5ff4e8c0e6ff4131af089c638e75edcc9.dll
Size

9KB
MD5

439466bed5d2b47a0d97d9c1a75e00fd
SHA1

6c7a2f29ad364474f7afa19c535cb93f1ad8ff47
SHA256

83d6ce438b8301bcbdd84d1d6eb3ccb5ff4e8c0e6ff4131af089c638e75edcc9
SHA512

b4bf448377f48569657e9e8064a9d56860d4bc95f9c803e99aaec3a11fae7a8b5b69a9359a98358df58d04d0dd68980a9b9a79732650344d03f7d050fd96a14a
SSDEEP

192:W1mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o9c:W8jhdHad/z20IyFWakC84dWaWak8cdWj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3780 wrote to memory of 4876	3780	rundll32.exe	rundll32.exe
PID 3780 wrote to memory of 4876	3780	rundll32.exe	rundll32.exe
PID 3780 wrote to memory of 4876	3780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83d6ce438b8301bcbdd84d1d6eb3ccb5ff4e8c0e6ff4131af089c638e75edcc9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3780

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83d6ce438b8301bcbdd84d1d6eb3ccb5ff4e8c0e6ff4131af089c638e75edcc9.dll,#1
2⤵
PID:4876

memory/4876-132-0x0000000000000000-mapping.dmp

Download
memory/4876-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download
memory/4876-134-0x000000006DD20000-0x000000006DD27000-memory.dmp

Filesize
28KB

Download