47c3642ffa359cb34c0e977b258bfd8ed73b1bda425679d35d8f41df953fc934

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 22:10

Target

47c3642ffa359cb34c0e977b258bfd8ed73b1bda425679d35d8f41df953fc934.dll
Size

22KB
MD5

2d39379f5050b20f8364b0c69a5722f4
SHA1

5e663df050739c68adb4b85a805f767d3507e101
SHA256

47c3642ffa359cb34c0e977b258bfd8ed73b1bda425679d35d8f41df953fc934
SHA512

9cb765cd386c1fe402862bf3431eae54a3ee34c112a9e0f2bdf41af9f384d6619e1f0da9fc88ffb7b097fc600370eba2bbeceacfa10998f5580d42a79bbe18c5
SSDEEP

384:TeH+tWzlSDrb5+gIS3a2Oaa2pbNGJ38pPJv1TCAxAr6+S9Pfu7n5r:dtWurb6SOaVwYxv1TlxndeVr

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1728	1376	rundll32.exe	80
PID 1376 wrote to memory of 1728	1376	rundll32.exe	80
PID 1376 wrote to memory of 1728	1376	rundll32.exe	80
PID 1728 wrote to memory of 396	1728	rundll32.exe	81
PID 1728 wrote to memory of 396	1728	rundll32.exe	81
PID 1728 wrote to memory of 396	1728	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47c3642ffa359cb34c0e977b258bfd8ed73b1bda425679d35d8f41df953fc934.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47c3642ffa359cb34c0e977b258bfd8ed73b1bda425679d35d8f41df953fc934.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Windows\SysWOW64\Wscript.exe
    Wscript.exe c:\windows\ime\vbs\pp.vbs
    3⤵
    PID:396

memory/1728-134-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download