7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b

Analysis

max time kernel
186s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:11

Target

7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
Size

159KB
MD5

35bc6ead6a1c06bd243e293f855ed848
SHA1

55a01a73388d4396536e74376b4fd1681920a9a8
SHA256

7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b
SHA512

9250c90bd63df938796065e82310e8cdeea6d7f6b375cd679fbd431cdedd670535565f17c7d30b6ac7d09e11ebf77953d5fa7c98af1791342bd0d1193c8a2d09
SSDEEP

3072:pG6Y+kD84LYxXJ7weAn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:Rhy0C2ckJ4f+iBRjv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3108 wrote to memory of 204	3108	rundll32.exe	rundll32.exe
PID 3108 wrote to memory of 204	3108	rundll32.exe	rundll32.exe
PID 3108 wrote to memory of 204	3108	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll,#1
2⤵
PID:204

memory/204-132-0x0000000000000000-mapping.dmp

Download
memory/204-133-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download