c2796c70fab7da968cb2532d25b900d307ec823ac601d882b6fa724829f1cd4a

Analysis

max time kernel
143s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 13:58

Target

c2796c70fab7da968cb2532d25b900d307ec823ac601d882b6fa724829f1cd4a.dll
Size

92KB
MD5

a7b33b45c376cd3a19de30e999268be7
SHA1

e491b2e0d757d01568f46f2d5c60dc8c29a24034
SHA256

c2796c70fab7da968cb2532d25b900d307ec823ac601d882b6fa724829f1cd4a
SHA512

9b941ee8aa7eef605d6e22cf72febdda22f157ad76da16be5cca5ca87e65cafa72d439c8eb8af3071dd88f008fe18293787552951bf7db5b7b2939544bbc9211
SSDEEP

1536:CJ37dCa+HjhAmNFHkiCkrlKg/8uiT5wHGIkIvzoz:CJ37JCdFHXlJ/jc+HHkR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 1876	1748	rundll32.exe	83
PID 1748 wrote to memory of 1876	1748	rundll32.exe	83
PID 1748 wrote to memory of 1876	1748	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2796c70fab7da968cb2532d25b900d307ec823ac601d882b6fa724829f1cd4a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2796c70fab7da968cb2532d25b900d307ec823ac601d882b6fa724829f1cd4a.dll,#1
  2⤵
  PID:1876

memory/1876-132-0x0000000000000000-mapping.dmp

Download
memory/1876-133-0x00000000008B0000-0x00000000008BA000-memory.dmp

Filesize
40KB

Download
memory/1876-137-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1876-138-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download