db7b7919072f52c4c884d552f6e3f133e5f756f75fdc31ce542b3a37e21a5262

Analysis

max time kernel
160s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 14:08

Target

db7b7919072f52c4c884d552f6e3f133e5f756f75fdc31ce542b3a37e21a5262.dll
Size

30KB
MD5

c67fd529886b386513b0695b5717c8e9
SHA1

0171e1bc73b1fca8169a7e625eb4b1518b40c02d
SHA256

db7b7919072f52c4c884d552f6e3f133e5f756f75fdc31ce542b3a37e21a5262
SHA512

ffd1a985eebffb5082fc89ac54cd0d52b7c8fa532a077b9549e75623159bc912e7a2895aec087965ab704af3f9da7b157fda87134c2cbdd3afd8abce8397bf7f
SSDEEP

384:INJs5yqusFWtRCcH4DcjZGsXVVbRKdPg0uQEuwb5rKgKMKJCmkLv3jPH/OfGlSTn:Iiuss8efsub83LJC33jOfOSPzK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2952	2340	rundll32.exe	82
PID 2340 wrote to memory of 2952	2340	rundll32.exe	82
PID 2340 wrote to memory of 2952	2340	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db7b7919072f52c4c884d552f6e3f133e5f756f75fdc31ce542b3a37e21a5262.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db7b7919072f52c4c884d552f6e3f133e5f756f75fdc31ce542b3a37e21a5262.dll,#1
  2⤵
  PID:2952

memory/2952-133-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download