2707a91ca84156bddaa91ae7b620d35be31d04e292884ef366ecd93c2214c5d5

Analysis

max time kernel
193s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:29

Target

2707a91ca84156bddaa91ae7b620d35be31d04e292884ef366ecd93c2214c5d5.dll
Size

76KB
MD5

63bb637dbacc3fbe17d073265c184850
SHA1

5bd0110f987f9a5801965f51c362e4a5c76fe0b1
SHA256

2707a91ca84156bddaa91ae7b620d35be31d04e292884ef366ecd93c2214c5d5
SHA512

68e4762252b14b4619b376d994a68113b17372f85fa300d77995dd4865b7a060b1f51f19ca0fba1d87650cdeadeb63066c95f18455a3a0b30634c438617ca02a
SSDEEP

1536:k8X0fgUGjWsmQMAjAescOJQ0WMy1H+ogyJ:k8kfgUVQMFeswMy1H+ogyJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 620	2028	rundll32.exe	82
PID 2028 wrote to memory of 620	2028	rundll32.exe	82
PID 2028 wrote to memory of 620	2028	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2707a91ca84156bddaa91ae7b620d35be31d04e292884ef366ecd93c2214c5d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2707a91ca84156bddaa91ae7b620d35be31d04e292884ef366ecd93c2214c5d5.dll,#1
  2⤵
  PID:620

memory/620-133-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download
memory/620-135-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/620-137-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download
memory/620-138-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download