9361b7567f0c6f32366ea8e64cbc8a27dca7adb1aacaa1edee51256ee9719d38

Analysis

max time kernel
152s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 05:15

Target

9361b7567f0c6f32366ea8e64cbc8a27dca7adb1aacaa1edee51256ee9719d38.dll
Size

355KB
MD5

c67bfdb95d9fe05d7e6397bb06a72270
SHA1

3ccc48ed4e20ce639c9bca814aa90f61dd637d86
SHA256

9361b7567f0c6f32366ea8e64cbc8a27dca7adb1aacaa1edee51256ee9719d38
SHA512

687421b9ffa0631d7eba12bf097647d849fda670261d9c52147b41fdff4b616a713b29b5d47cae92a8659aa9957d126fce9cc30111566b7d4d9cbbdaca591f6a
SSDEEP

6144:57VEk7bITynFuoIM7See13zCABRQmTUKxNJy4H9CNEpcpDE1V6W5721ubkut+F+E:57lfyynFuceeGjC6Re+JLMEGO1VX57xE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1356	2080	rundll32.exe	83
PID 2080 wrote to memory of 1356	2080	rundll32.exe	83
PID 2080 wrote to memory of 1356	2080	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9361b7567f0c6f32366ea8e64cbc8a27dca7adb1aacaa1edee51256ee9719d38.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9361b7567f0c6f32366ea8e64cbc8a27dca7adb1aacaa1edee51256ee9719d38.dll,#1
  2⤵
  PID:1356

memory/1356-132-0x0000000000000000-mapping.dmp

Download
memory/1356-133-0x0000000010000000-0x000000001005C000-memory.dmp

Filesize
368KB

Download