028aac402e818429dc303c0dad2afd7679e881693b0a9b8d7d5e0f022913ecdf

Analysis

max time kernel
166s
max time network
221s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:22

Target

028aac402e818429dc303c0dad2afd7679e881693b0a9b8d7d5e0f022913ecdf.dll
Size

360KB
MD5

1776761b16b069dbecfe98f09663fb19
SHA1

7da236e16b59981b8e718fb564863374953f7b50
SHA256

028aac402e818429dc303c0dad2afd7679e881693b0a9b8d7d5e0f022913ecdf
SHA512

76ac02cb705820fce3d930ad5cb54b27c32b84e3978e19f2cc4c94c3c1ae727beabd1ae01748c09542f803c6593c92ac45e813ccd40b81c463889c6074a1844a
SSDEEP

6144:awM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:tkI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 208 wrote to memory of 3728	208	rundll32.exe	rundll32.exe
PID 208 wrote to memory of 3728	208	rundll32.exe	rundll32.exe
PID 208 wrote to memory of 3728	208	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\028aac402e818429dc303c0dad2afd7679e881693b0a9b8d7d5e0f022913ecdf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:208

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\028aac402e818429dc303c0dad2afd7679e881693b0a9b8d7d5e0f022913ecdf.dll,#1
2⤵
PID:3728

memory/3728-133-0x0000000000000000-mapping.dmp

Download
memory/3728-134-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download
memory/3728-135-0x0000000073E70000-0x0000000073ECD000-memory.dmp

Filesize
372KB

Download