60764fa5eb79571cdf54c42e1b2f12e7ee96186fab7b51c63cac11b55d936a4c

Analysis

max time kernel
161s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 08:39

Target

60764fa5eb79571cdf54c42e1b2f12e7ee96186fab7b51c63cac11b55d936a4c.dll
Size

604KB
MD5

4dc9fac124b9cde37c980fa0ba2cd660
SHA1

cb9d9f99a90c941c014e0e5c4b3d53d5c10c8625
SHA256

60764fa5eb79571cdf54c42e1b2f12e7ee96186fab7b51c63cac11b55d936a4c
SHA512

717783aa74d8d52e8b14ebca3b221aac719606603a5a2270177f898e57caff9e4bc71196ac89133fe3fdb559e71297a894281f42d207969b4dd72600ca2f971a
SSDEEP

12288:3CqrU4AOfzSjWf41BfeeY8oZF9B1f7ACAJoTL4SDcxC5T2y:Lw4AObSCfUAeh4f7EJeRDP12y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 1424	2988	rundll32.exe	85
PID 2988 wrote to memory of 1424	2988	rundll32.exe	85
PID 2988 wrote to memory of 1424	2988	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60764fa5eb79571cdf54c42e1b2f12e7ee96186fab7b51c63cac11b55d936a4c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60764fa5eb79571cdf54c42e1b2f12e7ee96186fab7b51c63cac11b55d936a4c.dll,#1
  2⤵
  PID:1424

memory/1424-132-0x0000000000000000-mapping.dmp

Download
memory/1424-134-0x0000000002D20000-0x0000000002D9E000-memory.dmp

Filesize
504KB

Download
memory/1424-133-0x0000000002DB0000-0x0000000002E47000-memory.dmp

Filesize
604KB

Download
memory/1424-138-0x0000000002DB0000-0x0000000002E47000-memory.dmp

Filesize
604KB

Download
memory/1424-139-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1424-140-0x0000000002D20000-0x0000000002D9E000-memory.dmp

Filesize
504KB

Download