23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 12:25

Target

23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093.dll
Size

69KB
MD5

d45c14ed23b5dd6498ea649964a60e89
SHA1

efa0fa7a731eb56f2f25f12ed43ce7325f4bbb14
SHA256

23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093
SHA512

c1854b9b80e8fe4f4057f03be3571777be5d7c4ace035b51e140be191d26f3215778a7aa93032ebfffe32ccc41ca51a93bedb900391dc44f67af68456891364f
SSDEEP

1536:Us9P/OcCj+KcsdaddukhSDr/IJmOPgY4kgAkYwg5M857JkPi:UW/RCj+KcsdadYkkf/mmOPj43rLV8xc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 1244	4660	rundll32.exe	81
PID 4660 wrote to memory of 1244	4660	rundll32.exe	81
PID 4660 wrote to memory of 1244	4660	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23dc161689a011a85ed8308a0ee5300bed4fc88e08e346a1a229a1f561e89093.dll,#1
  2⤵
  PID:1244

memory/1244-133-0x0000000074FC0000-0x0000000074FE0000-memory.dmp

Filesize
128KB

Download