0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb

Analysis

max time kernel
173s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:01

Target

0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll
Size

359KB
MD5

45507f626ae64769129812a2b6141d4c
SHA1

d355c9d8771eae58c88de8d892728286e1cab56b
SHA256

0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb
SHA512

c06870d4c42180ea2fd11ddddeec69648ec59b9933596a25649bd0559ed73857c07dd08ec5c01613cb23b79e3134e3fc1b235727942b02a98cf06aaae8bc4216
SSDEEP

6144:BwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:CkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3416 wrote to memory of 3448	3416	rundll32.exe	rundll32.exe
PID 3416 wrote to memory of 3448	3416	rundll32.exe	rundll32.exe
PID 3416 wrote to memory of 3448	3416	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0da0f5091be5ba1052277133cb8793d89ecb700dba5247f45f55e7e43bd9ecfb.dll,#1
2⤵
PID:3448

memory/3448-132-0x0000000000000000-mapping.dmp

Download
memory/3448-133-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download
memory/3448-134-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download