c98ad496d24614fb03ff09e4be80c9aa530cc1989ddd4a195e02f7eac4704039

Analysis

max time kernel
91s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:52

Target

c98ad496d24614fb03ff09e4be80c9aa530cc1989ddd4a195e02f7eac4704039.dll
Size

147KB
MD5

3b62eb8b46c658b5085339992492d7d1
SHA1

417f4cce49df2ed576f06bfb5b5e3658f2a6c810
SHA256

c98ad496d24614fb03ff09e4be80c9aa530cc1989ddd4a195e02f7eac4704039
SHA512

de7ff4d81c9828b75ff855300e9e8873c7213c7f8fa3cf0f146f3272e520a0aea5b901c30c0463a3791032447ca184e2581f4f3fc897c17f0b79da3e771b4fee
SSDEEP

3072:PmL4Sm+aBzYRB7Q+fjES8xxDT0176qVecxbmAf5Jn0vssHD:PgaBzYRBZfjntTVvqK5JussHD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5000 wrote to memory of 4896	5000	rundll32.exe	rundll32.exe
PID 5000 wrote to memory of 4896	5000	rundll32.exe	rundll32.exe
PID 5000 wrote to memory of 4896	5000	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c98ad496d24614fb03ff09e4be80c9aa530cc1989ddd4a195e02f7eac4704039.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5000

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c98ad496d24614fb03ff09e4be80c9aa530cc1989ddd4a195e02f7eac4704039.dll,#1
2⤵
PID:4896

memory/4896-132-0x0000000000000000-mapping.dmp

Download
memory/4896-133-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download