a4e9cd658ddad912174d422ad2212de8dbe87eb4dd8e6df9d1381300082f8a33

Analysis

max time kernel
169s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 23:58

Target

a4e9cd658ddad912174d422ad2212de8dbe87eb4dd8e6df9d1381300082f8a33.dll
Size

52KB
MD5

769288e0a585383cf9aa8ad6df2e8ef6
SHA1

21d0de795f08f348a4a5de1850c8bfa0d816b19e
SHA256

a4e9cd658ddad912174d422ad2212de8dbe87eb4dd8e6df9d1381300082f8a33
SHA512

977aa91d6fc7ec99f5a032d5920360787e397ef0e8cbcd492b2d63ee96379426f8749e705f6573a68be35ab5541ae6f26804bdd3d0a2d686a5348e261c78159b
SSDEEP

1536:no7dhp5gU143fdTqn7ux4BaBjd5LLRk57pTiZ2mY:no3zKtqnQtrLLI7pk2/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2588	5020	rundll32.exe	85
PID 5020 wrote to memory of 2588	5020	rundll32.exe	85
PID 5020 wrote to memory of 2588	5020	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4e9cd658ddad912174d422ad2212de8dbe87eb4dd8e6df9d1381300082f8a33.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4e9cd658ddad912174d422ad2212de8dbe87eb4dd8e6df9d1381300082f8a33.dll,#1
  2⤵
  PID:2588

memory/2588-132-0x0000000000000000-mapping.dmp

Download
memory/2588-133-0x0000000010000000-0x0000000010212000-memory.dmp

Filesize
2.1MB

Download