e18d7116fe3953c47df7148f444f53270db2eac8ea06b77d8ac29fa751a6d451

Analysis

max time kernel
178s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 20:39

Target

e18d7116fe3953c47df7148f444f53270db2eac8ea06b77d8ac29fa751a6d451.dll
Size

343KB
MD5

d56273e4746166acd914b7c9dbb793ab
SHA1

244afb86d387404486fc73a70de8465fac1dc4b1
SHA256

e18d7116fe3953c47df7148f444f53270db2eac8ea06b77d8ac29fa751a6d451
SHA512

46fb109c16b40a886777f79a17aac9ba22aca4b72f873940b543db393aaeccc26eb89f921c74add560748302d2befe9a40d642cc348c4b05fd73d9a908f60f31
SSDEEP

6144:X4O1Uzw4bATNhMF7NVwI//rw/XWRid57mIbosm4hkNEckL/wG:X48IwmMvMFpKIyXWRidMIbdh3/J

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2776 wrote to memory of 1360	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 1360	2776	rundll32.exe	rundll32.exe
PID 2776 wrote to memory of 1360	2776	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e18d7116fe3953c47df7148f444f53270db2eac8ea06b77d8ac29fa751a6d451.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2776

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e18d7116fe3953c47df7148f444f53270db2eac8ea06b77d8ac29fa751a6d451.dll,#1
2⤵
PID:1360

memory/1360-132-0x0000000000000000-mapping.dmp

Download
memory/1360-133-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/1360-134-0x00000000007A0000-0x00000000007F2000-memory.dmp

Filesize
328KB

Download