d205969db7aa6aa25d35f473d2acf13ec98e93fc59e4e635295248ffe3415ad2

Analysis

max time kernel
187s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:16

Target

d205969db7aa6aa25d35f473d2acf13ec98e93fc59e4e635295248ffe3415ad2.dll
Size

46KB
MD5

72529ce23fd8c7af4561ade99867278c
SHA1

386c95a8adbecc9083dc93f63663815b9cade3fd
SHA256

d205969db7aa6aa25d35f473d2acf13ec98e93fc59e4e635295248ffe3415ad2
SHA512

b98f2bf380ad32b1fbf8eb88a25741cc84f4b78a98b259662736e10dbd4342d082ffbaa2c3fb3b348282d5ff648827ba38e96c3076b13552162d521f61d8f9e9
SSDEEP

768:7zUZYX8QXsp6O3aJGqUSoeFJ7ya9XB2LdAbyg/mk8PXswIW8IW4dVPoSpbW5CfXy:7EYMQXspKGqUSoeFZya9xgeLHC8wIW8P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4520	3108	rundll32.exe	84
PID 3108 wrote to memory of 4520	3108	rundll32.exe	84
PID 3108 wrote to memory of 4520	3108	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d205969db7aa6aa25d35f473d2acf13ec98e93fc59e4e635295248ffe3415ad2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d205969db7aa6aa25d35f473d2acf13ec98e93fc59e4e635295248ffe3415ad2.dll,#1
  2⤵
  PID:4520

memory/4520-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download