38c5e7d6299bce91361619261816bf61d43dc563791456e115f0dbf329a0c11e

Analysis

max time kernel
188s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 07:58

Target

38c5e7d6299bce91361619261816bf61d43dc563791456e115f0dbf329a0c11e.dll
Size

216KB
MD5

cf9459d0127c22ad8546438902fb2080
SHA1

08a924c18f701021a84438a05acaaaadfa4b6239
SHA256

38c5e7d6299bce91361619261816bf61d43dc563791456e115f0dbf329a0c11e
SHA512

772f25b1db36ea500bb112773cdaf792676d1a5900a6665a62022db7c24bb7b5de39a110dcab875a11c93ac7e94e683654a130543e372f0d26712dff346320d6
SSDEEP

6144:b7u5/KtAUEVjddeIc/9fH/3pF7NNY7bi0770/XOKVMdZpurxRhh/WQ03MvvlOrhI:m4tAUUddeIc/9TY7bi0H0sd6hhOmvYwN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 2836	1156	rundll32.exe	82
PID 1156 wrote to memory of 2836	1156	rundll32.exe	82
PID 1156 wrote to memory of 2836	1156	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38c5e7d6299bce91361619261816bf61d43dc563791456e115f0dbf329a0c11e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38c5e7d6299bce91361619261816bf61d43dc563791456e115f0dbf329a0c11e.dll,#1
  2⤵
  PID:2836

memory/2836-133-0x000000001E7A0000-0x000000001E7DA000-memory.dmp

Filesize
232KB

Download