4e70655b16a62dfac74273ab50f9e0d7e653fb48b405271c9559e562ba60660d

Analysis

max time kernel
161s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:18

Target

4e70655b16a62dfac74273ab50f9e0d7e653fb48b405271c9559e562ba60660d.dll
Size

65KB
MD5

52baf7ea73d44b7d65727aeb05c1986a
SHA1

b27f11cc270ba89d04406b71f416ca8d287fc271
SHA256

4e70655b16a62dfac74273ab50f9e0d7e653fb48b405271c9559e562ba60660d
SHA512

d5fc4e234c4b5d7bb6a118df9171b3d9612813b56b101b468c0243b0a0635442536a67b440a8338d6f6e592dd2f0b1a7a52152ab7fc4dce3bc4162bf85066113
SSDEEP

1536:wvelCv2SMvRVu2RF6RogMCfBADx9H48gYPzE52fYRiHvBr0Ed7/qj:LlS2bdR8RPzZOD48JPoUwRiPBr0Ed7/6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2452 wrote to memory of 1100	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 1100	2452	rundll32.exe	rundll32.exe
PID 2452 wrote to memory of 1100	2452	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e70655b16a62dfac74273ab50f9e0d7e653fb48b405271c9559e562ba60660d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e70655b16a62dfac74273ab50f9e0d7e653fb48b405271c9559e562ba60660d.dll,#1
2⤵
PID:1100

memory/1100-132-0x0000000000000000-mapping.dmp

Download
memory/1100-133-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1100-134-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download