1ce6c9ee5f93022301b5ebb39c41af0344445b3cf15f8af614d384311ec8c2be

Analysis

max time kernel
112s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:49

Target

1ce6c9ee5f93022301b5ebb39c41af0344445b3cf15f8af614d384311ec8c2be.dll
Size

152KB
MD5

436c65ef500df26413151232e36e7a10
SHA1

38c26ff2864f47e99e08489a0fe90670b9cd3aaa
SHA256

1ce6c9ee5f93022301b5ebb39c41af0344445b3cf15f8af614d384311ec8c2be
SHA512

4794b5b4a04aa8db747fd68a5e6379b00156ca94345c4e34f58680b07a57f4cd80c5e4882b29a8aa409327cdd286a40ea36a1053d8106cafd5f5b52863daacee
SSDEEP

3072:zuF5MydXpiYNout1LTqm86CTqCnskPo3egH7MLaKyvkLi+yHqGNr:z2ldRNoSxq5HskPLgHxKyvkL3yKs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2444 wrote to memory of 2288	2444	rundll32.exe	rundll32.exe
PID 2444 wrote to memory of 2288	2444	rundll32.exe	rundll32.exe
PID 2444 wrote to memory of 2288	2444	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ce6c9ee5f93022301b5ebb39c41af0344445b3cf15f8af614d384311ec8c2be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ce6c9ee5f93022301b5ebb39c41af0344445b3cf15f8af614d384311ec8c2be.dll,#1
2⤵
PID:2288

memory/2288-132-0x0000000000000000-mapping.dmp

Download
memory/2288-133-0x0000000075260000-0x0000000075298000-memory.dmp

Filesize
224KB

Download