61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649

Analysis

max time kernel
150s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 18:33

Target

61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll
Size

1.1MB
MD5

c0ca412dfc68dc4e798b69d641c3937b
SHA1

7d1444b0f9c8144e36296647d3be94b87eb2d4a6
SHA256

61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649
SHA512

eb5c7088954e0395bdbef9545abacda6150e631c2c6a32196a9136952ff38270b879bd8c51ecc70b288487c136e34e37bfa0e1e715924f88e1e8419a83c5f166
SSDEEP

24576:9yj5/Ex4BRW38y2wWm5LP+7c5VoV/OQm2xSy:9yjxoIW38y25m5LgRWQm27

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 4752	1536	rundll32.exe	83
PID 1536 wrote to memory of 4752	1536	rundll32.exe	83
PID 1536 wrote to memory of 4752	1536	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll,#1
  2⤵
  PID:4752

memory/4752-133-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download