da485a50c31be250a71384a3330b4d28d1341e7fccfeb4b47cb57611bfb86018

Analysis

max time kernel
154s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 16:12

Target

da485a50c31be250a71384a3330b4d28d1341e7fccfeb4b47cb57611bfb86018.dll
Size

328KB
MD5

2d9f28892fd94b99329f8dc4311a7e97
SHA1

19d2bd4e2739fa8030b81c47b84c8fa04c989ea1
SHA256

da485a50c31be250a71384a3330b4d28d1341e7fccfeb4b47cb57611bfb86018
SHA512

a555eb536fe4d69adc831070ef5d4b26b6f201c70340779356bb4b79f006394fa4993f41be3231981d122ae23e3b057d5dfe55e99fe1b551a7c15f0963dc5e64
SSDEEP

6144:ZI+kg8klCdLaDyZbj+gWS+QbEJPQ6/hRvTjDnP+0tSZVaQ2u:ZNdlCdmDyZbj3+4vGJDnW0tS/Wu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2084	2556	rundll32.exe	78
PID 2556 wrote to memory of 2084	2556	rundll32.exe	78
PID 2556 wrote to memory of 2084	2556	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da485a50c31be250a71384a3330b4d28d1341e7fccfeb4b47cb57611bfb86018.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da485a50c31be250a71384a3330b4d28d1341e7fccfeb4b47cb57611bfb86018.dll,#1
  2⤵
  PID:2084

memory/2084-132-0x0000000000000000-mapping.dmp

Download
memory/2084-133-0x0000000002070000-0x000000000215F000-memory.dmp

Filesize
956KB

Download
memory/2084-134-0x0000000002070000-0x000000000215F000-memory.dmp

Filesize
956KB

Download
memory/2084-135-0x0000000002070000-0x000000000215F000-memory.dmp

Filesize
956KB

Download