4e64d1cc392e0613508a960afd299596dbe5c545806b4adbb27e634a0073f079

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 20:25

Target

4e64d1cc392e0613508a960afd299596dbe5c545806b4adbb27e634a0073f079.dll
Size

384KB
MD5

2d000471fa6524ed020aa70fe3511467
SHA1

c9412d1e8170e9b3b711796e1518becc540ad0ca
SHA256

4e64d1cc392e0613508a960afd299596dbe5c545806b4adbb27e634a0073f079
SHA512

607c3006f7b5198164ac0d2f5ce70a6debecdfe1c4d66ff25edf2a28fe271cb41f4ef61914834354bfd1d9e65e1f6984afbf01d9dba158a994318dea79fab114
SSDEEP

6144:Q1NPckLAlIYf6SMdTj8MU7LQLWnHLQdcJDHeXbnce/vW3HNmskxG1yrg7/J/CO:Qzkxl1YTj8RuWrQdNXb83NmO1yrg7J/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 3444	1176	rundll32.exe	80
PID 1176 wrote to memory of 3444	1176	rundll32.exe	80
PID 1176 wrote to memory of 3444	1176	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e64d1cc392e0613508a960afd299596dbe5c545806b4adbb27e634a0073f079.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e64d1cc392e0613508a960afd299596dbe5c545806b4adbb27e634a0073f079.dll,#1
  2⤵
  PID:3444

memory/3444-133-0x0000000010000000-0x000000001006F000-memory.dmp

Filesize
444KB

Download
memory/3444-134-0x0000000010000000-0x000000001006F000-memory.dmp

Filesize
444KB

Download