7b20e6e3815f89c40e081bcdba5224884405b03b7eb85b1d5c5d84869604067d

Analysis

max time kernel
61s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:01

Target

7b20e6e3815f89c40e081bcdba5224884405b03b7eb85b1d5c5d84869604067d.dll
Size

74KB
MD5

55536d10e76a0a7f5271ad55058694f0
SHA1

12e382ecd70f51ec9eb9aeb8194dc92d0cf89855
SHA256

7b20e6e3815f89c40e081bcdba5224884405b03b7eb85b1d5c5d84869604067d
SHA512

ea0449c60ecf5f38fa9d628dcb6bf6e71b1bc273661c8e387282421875df04cb528592b07608d6977a3d9a1896e8073277345bbe798d0e4b792947478b426fd2
SSDEEP

1536:cd8oF10jDyJSI+Ih+a7AmtwesGYD8iFuN5GpHsFyFjG:FyWiB+qyBGYD8gpHsw8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 3540	3796	rundll32.exe	83
PID 3796 wrote to memory of 3540	3796	rundll32.exe	83
PID 3796 wrote to memory of 3540	3796	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b20e6e3815f89c40e081bcdba5224884405b03b7eb85b1d5c5d84869604067d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b20e6e3815f89c40e081bcdba5224884405b03b7eb85b1d5c5d84869604067d.dll,#1
  2⤵
  PID:3540

memory/3540-133-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download