0a89f68ce7e2ff2e4e9e413c068cb2b61fd919dd791f5ee2c168abf04947ccef

Analysis

max time kernel
206s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 11:59

Target

0a89f68ce7e2ff2e4e9e413c068cb2b61fd919dd791f5ee2c168abf04947ccef.dll
Size

677KB
MD5

8fd5416152bd5afb2185c142235da0ac
SHA1

c010bfdecb11224c8d7c869713fed3703553f60b
SHA256

0a89f68ce7e2ff2e4e9e413c068cb2b61fd919dd791f5ee2c168abf04947ccef
SHA512

ff5290d40708527089c56c3b267114ac49d61e50fcee9d9e6c11bc1497b1190a613524d267cddf234802deb9660b62029f9b7a65ac7014fea90491da590be60c
SSDEEP

12288:cq4pxZKKw/kj2hKq6ab/XuIpWrDSEHr8s0AaOV3fsjeU5X2qdOgVY5sjop5e8V:0pPwhKu/XuHJLNPaO6jb5X2qdOgVRs5d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3020 wrote to memory of 4916	3020	rundll32.exe	rundll32.exe
PID 3020 wrote to memory of 4916	3020	rundll32.exe	rundll32.exe
PID 3020 wrote to memory of 4916	3020	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a89f68ce7e2ff2e4e9e413c068cb2b61fd919dd791f5ee2c168abf04947ccef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3020

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a89f68ce7e2ff2e4e9e413c068cb2b61fd919dd791f5ee2c168abf04947ccef.dll,#1
2⤵
PID:4916

memory/4916-132-0x0000000000000000-mapping.dmp

Download
memory/4916-133-0x0000000074900000-0x0000000074A49000-memory.dmp

Filesize
1.3MB

Download
memory/4916-134-0x0000000074900000-0x0000000074A49000-memory.dmp

Filesize
1.3MB

Download