392b199f52399b127f5ce4da84ee26928e6dd9bdd583ce798b3a5ece9c9fe2f6

Analysis

max time kernel
465s
max time network
512s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:18

Target

3.dll
Size

492.9MB
MD5

b86afb4ad9d3647857fe2ca55ec51177
SHA1

f95f45ad679f3cd49169a9a5bbf76f5667d8ea35
SHA256

392b199f52399b127f5ce4da84ee26928e6dd9bdd583ce798b3a5ece9c9fe2f6
SHA512

8fb971cab83b724dcc1af6712749fb906d359062705b73838da323e0bd36e71583e8e4dbc1d80a75a74937e85c5e7299d18fa0355832960068209aa8480be7ce
SSDEEP

12288:FOCb9nj+pHReUp4Hn0HzLu0yumisJ7I9jnmORXFOf6iRjdPk87OJ25PJcpKnlip+:gjx+0TSRJ0FSii1qO6gxSMvFeMzZSlQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4180 wrote to memory of 3996	4180	rundll32.exe	rundll32.exe
PID 4180 wrote to memory of 3996	4180	rundll32.exe	rundll32.exe
PID 4180 wrote to memory of 3996	4180	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3.dll,#1
2⤵
PID:3996

memory/3996-132-0x0000000000000000-mapping.dmp

Download
memory/3996-133-0x0000000021900000-0x0000000021A17000-memory.dmp

Filesize
1.1MB

Download
memory/3996-134-0x0000000002C20000-0x0000000003C20000-memory.dmp

Filesize
16.0MB

Download
memory/3996-135-0x0000000021900000-0x0000000021A17000-memory.dmp

Filesize
1.1MB

Download
memory/3996-136-0x0000000002C20000-0x0000000003C20000-memory.dmp

Filesize
16.0MB

Download
memory/3996-139-0x0000000002E00000-0x0000000002EB8000-memory.dmp

Filesize
736KB

Download
memory/3996-141-0x0000000002C20000-0x0000000002D21000-memory.dmp

Filesize
1.0MB

Download