d730bb01594914a6968e8349913ab8d6cc64ba910cd64cd4915f87fcc5ef05b6

Analysis

max time kernel
164s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:12

Target

d730bb01594914a6968e8349913ab8d6cc64ba910cd64cd4915f87fcc5ef05b6.dll
Size

80KB
MD5

1f911151e46d5afe28ab2a7c3d0a5d96
SHA1

7c22ee412bbfd8a1c7a8670b21ce56e23b7a6b5a
SHA256

d730bb01594914a6968e8349913ab8d6cc64ba910cd64cd4915f87fcc5ef05b6
SHA512

a4904f8828f7b95b7d643b0205ebc3030ab0a5986b480c5f3b6686a08239b5e4e12c828e320972c8252ea98e654a9bbf336ab902c927d45fa4f755dd5c0a7ca2
SSDEEP

384:pCnOJsQJb8m/u6kotQPbT6VP2Nf5PO7I9LCk4TvHxqlHMlKZOxx8PcwCwSRdJgZ+:I4zWBPh/dmh4sHwPiwQJy4Rt/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 3584	2128	rundll32.exe	83
PID 2128 wrote to memory of 3584	2128	rundll32.exe	83
PID 2128 wrote to memory of 3584	2128	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d730bb01594914a6968e8349913ab8d6cc64ba910cd64cd4915f87fcc5ef05b6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d730bb01594914a6968e8349913ab8d6cc64ba910cd64cd4915f87fcc5ef05b6.dll,#1
  2⤵
  PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3584 -ip 3584
1⤵
PID:220

memory/3584-133-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download