37f4fc0bb6988d8640f6ba523a86b50d51bc280689c2e2fba303351deda0e707

Analysis

max time kernel
202s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:05

Target

37f4fc0bb6988d8640f6ba523a86b50d51bc280689c2e2fba303351deda0e707.dll
Size

10KB
MD5

4d3213a24650182ab897340bc70b3c29
SHA1

a3db5f9dfdc21a468ec7f5be98f523b62e76971c
SHA256

37f4fc0bb6988d8640f6ba523a86b50d51bc280689c2e2fba303351deda0e707
SHA512

b8036dc79891e54c10df983b732c50f62df752fd821c8f07d3ffe2ac04ad4ea547ee8061368d594ce52247ec748c1384f4b7ee13b9128a91b1ed74f784b02037
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w9jfrA:6dHad/N20IypWak8dWiWak8EdWIfs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1164 wrote to memory of 5104	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 5104	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 5104	1164	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f4fc0bb6988d8640f6ba523a86b50d51bc280689c2e2fba303351deda0e707.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f4fc0bb6988d8640f6ba523a86b50d51bc280689c2e2fba303351deda0e707.dll,#1
2⤵
PID:5104

memory/5104-132-0x0000000000000000-mapping.dmp

Download
memory/5104-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download