720b16f808977a9ab74cc52994abb7b040f4b3cb4a49f07b1f9da86d7d086a37

Analysis

max time kernel
181s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:30

Target

720b16f808977a9ab74cc52994abb7b040f4b3cb4a49f07b1f9da86d7d086a37.dll
Size

225KB
MD5

3878c49a3914e5ebf6ac56b1b13f8271
SHA1

c5bc8dfbba1728229b5633eec40a4ec050cfa8fc
SHA256

720b16f808977a9ab74cc52994abb7b040f4b3cb4a49f07b1f9da86d7d086a37
SHA512

723f11bf707cf32be5d9f9eda4d2113504ff7702cdfd56a70e3b81ae7a5568d442e043c39b7f5634d57a1ca33d0e8049107bb7c75681e69da5d06dd014ec1b01
SSDEEP

3072:avDYJrKMWUFIZ+gjQp+SNePeToysn8HbtJIKCwZoSVvQ6NC8Zr8miw+12AlrFXdn:yLt+g0QPekyswLCwuSr08hKZFXZoMq3y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4528 wrote to memory of 1920	4528	rundll32.exe	rundll32.exe
PID 4528 wrote to memory of 1920	4528	rundll32.exe	rundll32.exe
PID 4528 wrote to memory of 1920	4528	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\720b16f808977a9ab74cc52994abb7b040f4b3cb4a49f07b1f9da86d7d086a37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\720b16f808977a9ab74cc52994abb7b040f4b3cb4a49f07b1f9da86d7d086a37.dll,#1
2⤵
PID:1920

memory/1920-132-0x0000000000000000-mapping.dmp

Download
memory/1920-133-0x000000001FDF0000-0x000000001FE2D000-memory.dmp

Filesize
244KB

Download