9bf22549b2d3e5bd2d8637f0ece47db196eaf849093f26724743a402f6d0515d

Analysis

max time kernel
106s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:57

Target

9bf22549b2d3e5bd2d8637f0ece47db196eaf849093f26724743a402f6d0515d.dll
Size

9KB
MD5

5a962e6c7698425d81aa1587c1877485
SHA1

255da5607f1b0759abcc99555a9c4b8ca2469489
SHA256

9bf22549b2d3e5bd2d8637f0ece47db196eaf849093f26724743a402f6d0515d
SHA512

9639d05bd2e8a4bd8f8970cb50c9624deca8ab8d1c4141ba7686b1b28eb297cb2058afaa98b396fa05b84533d47c27da26784678013f32bce6c07f75025446b3
SSDEEP

192:Iw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w97D:4dHad/N20IypWak8dWiWak8EdWM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3008 wrote to memory of 2324	3008	rundll32.exe	rundll32.exe
PID 3008 wrote to memory of 2324	3008	rundll32.exe	rundll32.exe
PID 3008 wrote to memory of 2324	3008	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bf22549b2d3e5bd2d8637f0ece47db196eaf849093f26724743a402f6d0515d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bf22549b2d3e5bd2d8637f0ece47db196eaf849093f26724743a402f6d0515d.dll,#1
2⤵
PID:2324

memory/2324-132-0x0000000000000000-mapping.dmp

Download
memory/2324-134-0x000000006DD20000-0x000000006DD27000-memory.dmp

Filesize
28KB

Download
memory/2324-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download