d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6

Analysis

max time kernel
196s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 12:34

Target

d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll
Size

524KB
MD5

5aaff2584315f689af917fc69fa83bf5
SHA1

d28cdc9588c902d67d375f723f7163eedb1ea857
SHA256

d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6
SHA512

016a845abd7e28b3e588d5dae74ee4a6541715fa21ebcc54897d1ba10b18d4e60887081b53b4014d66fcca97635cafc3e133461f59cf29162bde46a2c3aff07b
SSDEEP

12288:IvI07twZhHJguO9Xns3gy4dk+PZYDpidR97R6q7:bsQHJguO9XnXy4kuKdaR6C

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 3064	4756	rundll32.exe	82
PID 4756 wrote to memory of 3064	4756	rundll32.exe	82
PID 4756 wrote to memory of 3064	4756	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll,#1
  2⤵
  PID:3064

memory/3064-133-0x0000000000890000-0x000000000091D000-memory.dmp

Filesize
564KB

Download