7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce

Analysis

max time kernel
229s
max time network
280s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:51

Target

7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll
Size

10KB
MD5

3e5156ac68cb5ed8f0450eb97f340efb
SHA1

96ccd419618c99059d01448a11cab05b2376c9bf
SHA256

7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce
SHA512

2426afe85d16c4c9d6e6cb4d3fa37dea38b3d0642eee3000151bb8ad4d3c2c5bd9033828e53ae7baa8958948caed7dd5ed50df4bd4a200c0b80f6f1849d19ac7
SSDEEP

192:41mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o92b:48jhdHad/z20IyFWakC84dWaWak8cdWj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3924 wrote to memory of 3928	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 3928	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 3928	3924	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9d86cb6c6cfa2f4570b7b80cffa7748c490721e0cc15c31293d18dd1851cce.dll,#1
2⤵
PID:3928

memory/3928-132-0x0000000000000000-mapping.dmp

Download
memory/3928-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download