348c916c43316169eda80c16859a2b4d6992d8f2f47b7f5839fd159e4651c979

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:44

Target

348c916c43316169eda80c16859a2b4d6992d8f2f47b7f5839fd159e4651c979.dll
Size

257KB
MD5

d6887d6feccd7dd6d378ee3af9d60430
SHA1

8d5a600e850f65ea4403e9c781bfdf49594b5eae
SHA256

348c916c43316169eda80c16859a2b4d6992d8f2f47b7f5839fd159e4651c979
SHA512

e270a388c3c8e2835d859d879c5e59acc928771de7927f0ee8c6f5d37499ea79a7f7358ac5755a899352aea3fc3bb0893d8dcc47447417b24d9cb8995dc248f8
SSDEEP

3072:NXWAGrvnenIwFuAIgmGQd0OyRj+6EFfKwfD/QVNXtddSKqPPpFE:NXWAqaIwKFCwb0tdNqPPz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 388	2200	rundll32.exe	80
PID 2200 wrote to memory of 388	2200	rundll32.exe	80
PID 2200 wrote to memory of 388	2200	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\348c916c43316169eda80c16859a2b4d6992d8f2f47b7f5839fd159e4651c979.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\348c916c43316169eda80c16859a2b4d6992d8f2f47b7f5839fd159e4651c979.dll,#1
  2⤵
  PID:388

memory/388-133-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download