4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:02

Target

4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll
Size

796KB
MD5

46b5e1379904504d9b5802b47dc658eb
SHA1

4084590141f185e4394200ab4036f036e80fd20e
SHA256

4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a
SHA512

45f1930885666056d5262d03c2b6cc251fd4489979e785fc0c1ef9e50ec1c7764220a4a81acc008fb005e78b667e2897ec5480ccd9e78c3358da26a664196682
SSDEEP

12288:O7tdNvcfzY8B4L6CeHhpQzS2KRWC6/7+hhVp0RsamYkzuKD/9WVuVO+3pJsbIPvm:O7tdZGwRsamY0Rp4+3gkF7IiCe43e32

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2256 wrote to memory of 2484	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2484	2256	rundll32.exe	rundll32.exe
PID 2256 wrote to memory of 2484	2256	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4017c8c97a48dce3a2618115841f48a01e50e09f54f97e363bc7d6a9f7b7ae5a.dll,#1
2⤵
PID:2484

memory/2484-132-0x0000000000000000-mapping.dmp

Download
memory/2484-133-0x0000000061830000-0x00000000618F8000-memory.dmp

Filesize
800KB

Download