942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c

Analysis

max time kernel
187s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 21:00

Target

942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c.dll
Size

1.7MB
MD5

69c143b1afce1bb03e99645736d6ca4c
SHA1

e54c58c096b7262803e818668c6c51eb30adad1f
SHA256

942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c
SHA512

bf85d202b9146ea9e602589dfbc60e101ad4a18a1320def87cd93f3e6026758a13aae7b14c7f9f87c8eef013b4ca349346384ad3bea129567d92afc56ca9de35
SSDEEP

49152:HsbMCG4Zoj00+tYCRAjyEYmnpd35Ck7+f:6MCGEhYXWED5r7s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 2612	4668	rundll32.exe	81
PID 4668 wrote to memory of 2612	4668	rundll32.exe	81
PID 4668 wrote to memory of 2612	4668	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\942367a5c7d55f9b5f156b83a0933211b67944208be7103cb556c774e7afb64c.dll,#1
  2⤵
  PID:2612

memory/2612-133-0x0000000000D90000-0x0000000000D9F000-memory.dmp

Filesize
60KB

Download
memory/2612-134-0x0000000000D90000-0x0000000000D9F000-memory.dmp

Filesize
60KB

Download