604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619

Analysis

max time kernel
147s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 00:48

Target

604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll
Size

448KB
MD5

e7f4878395dadd49b14390347945ef10
SHA1

33ad326bd5f6d9cab4f4819d8e054cf79b98578f
SHA256

604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619
SHA512

a8de6870a1704217ee61b2e329ca39d09a0d1fe526b350338dffb1f1ab8a87c5a2d0c8ed2f13c7316b7e7eca3495d10030b918fc56f8b743df2562114a304544
SSDEEP

3072:faWIJLbdT3uzcBq747XerfRiNdHT9BFYQo7YH9VLs:pIJLJjuoBq7OXerfR0xB2QMI

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3020	rundll32.exe
3020	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 3020	2628	rundll32.exe	83
PID 2628 wrote to memory of 3020	2628	rundll32.exe	83
PID 2628 wrote to memory of 3020	2628	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020

memory/3020-133-0x00000000749D0000-0x0000000074A43000-memory.dmp

Filesize
460KB

Download
memory/3020-134-0x00000000749D0000-0x0000000074A43000-memory.dmp

Filesize
460KB

Download