d2f7a0204ba0171b9ab8790ef6e95fb6e72f33fadfaea4997882ffa14fdbc6d2

Analysis

max time kernel
93s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 05:25

Target

d2f7a0204ba0171b9ab8790ef6e95fb6e72f33fadfaea4997882ffa14fdbc6d2.dll
Size

68KB
MD5

607a22dd2151c8d8080a9c98f0713650
SHA1

cd1c6f97cb2061f3304bec3c3fc4f61b4a513776
SHA256

d2f7a0204ba0171b9ab8790ef6e95fb6e72f33fadfaea4997882ffa14fdbc6d2
SHA512

c670c2bc427c88d8fb2ef4c555be70015c2fb473470e245163a02901bb71578b03c65cbb7e0f8911834edc31103b0e791b07c6b8d757ee7519b5aabe04b25efb
SSDEEP

768:yBbWEDHQ3q5NBv6Fy1cXp4EfdD6IMstRKydKQ4jUtvffPbbcXW7SOy2UETsl8YuH:yRWEDHQ3qkFy1h+UYRsUtPkWb3ZY4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 3052	4684	rundll32.exe	78
PID 4684 wrote to memory of 3052	4684	rundll32.exe	78
PID 4684 wrote to memory of 3052	4684	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2f7a0204ba0171b9ab8790ef6e95fb6e72f33fadfaea4997882ffa14fdbc6d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2f7a0204ba0171b9ab8790ef6e95fb6e72f33fadfaea4997882ffa14fdbc6d2.dll,#1
  2⤵
  PID:3052

memory/3052-132-0x0000000000000000-mapping.dmp

Download
memory/3052-133-0x0000000001630000-0x0000000001638000-memory.dmp

Filesize
32KB

Download