7adad9ddbb7d2a67850f7eb3939b7bb3982ec79d842973539f0101a0e75a5294

Analysis

max time kernel
202s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 23:56

Target

MirServer/Mir200/IPLocal.dll
Size

167KB
MD5

bbf62130e7a5966a2b7b89411ad335c8
SHA1

9f6a0af9525cc6b6df479d3d511e06200571c1b5
SHA256

da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
SHA512

52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
SSDEEP

3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3532 wrote to memory of 3176	3532	rundll32.exe	rundll32.exe
PID 3532 wrote to memory of 3176	3532	rundll32.exe	rundll32.exe
PID 3532 wrote to memory of 3176	3532	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\IPLocal.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\IPLocal.dll,#1
  2⤵
  PID:3176