c689772d9f1133452ddec6f320cac297f2ade107db04bf08955bde1b283a27ef

Analysis

max time kernel
178s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:08

Target

c689772d9f1133452ddec6f320cac297f2ade107db04bf08955bde1b283a27ef.dll
Size

65KB
MD5

048c028f64db088abbc6d71d16c99357
SHA1

a4e63c79c5dd9e15cf3264cb5ba418a5394a1177
SHA256

c689772d9f1133452ddec6f320cac297f2ade107db04bf08955bde1b283a27ef
SHA512

1dcd19faccd34d26984bbe43c22076faf83488504bcef60b69d2a50e179eb3d3c7823286f3206e81daf69a623a3cdd8d8ca4420d4fc71ccd0a5f9d3e01bf69ca
SSDEEP

768:+skiD+S+Maf95wUoSuFcTT0c7yKeQg1LI1288m70t8+Tng6b/S+f+YASMEPF31vs:RD+Ka7hn0c7pePxII2wPjx1vLbYAg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1516 wrote to memory of 1140	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 1140	1516	rundll32.exe	rundll32.exe
PID 1516 wrote to memory of 1140	1516	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c689772d9f1133452ddec6f320cac297f2ade107db04bf08955bde1b283a27ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c689772d9f1133452ddec6f320cac297f2ade107db04bf08955bde1b283a27ef.dll,#1
2⤵
PID:1140

memory/1140-132-0x0000000000000000-mapping.dmp

Download
memory/1140-133-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download