9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3

Analysis

max time kernel
191s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 05:16

Target

9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll
Size

73KB
MD5

f1b403da96a2fe3e0740411d0be91b80
SHA1

6ad7ee9dd52a4e7183940339cbab4ac13eaf7e05
SHA256

9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3
SHA512

e30a182fbda3bfdf48f4556f2fdd0af768ed62bc7c9464b4e8f3ff03170c192f0d0a595ae5ce3b8da6627d8d9377ff4c598fdcba0c11c91882fe66f0862aada4
SSDEEP

1536:w00M29IodAzll3dJBYU/briHvVHeujS6nbpc8UbTJ26vv:RYdcr/bQHeu7nVkN

Score

5^/10

Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\SysWOW64\ylzt07022.Fe rundll32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\ylzt07022.Fe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3056 wrote to memory of 1104	3056	rundll32.exe	rundll32.exe
PID 3056 wrote to memory of 1104	3056	rundll32.exe	rundll32.exe
PID 3056 wrote to memory of 1104	3056	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll,#1
2⤵
- Drops file in System32 directory
PID:1104