e9d399d9c70b82acfb2311b6a7f13386bf944bdf212f014f9dcb8ff98a3ab584

Analysis

max time kernel
182s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 19:43

Target

e9d399d9c70b82acfb2311b6a7f13386bf944bdf212f014f9dcb8ff98a3ab584.dll
Size

52KB
MD5

70039b079f396f6f2aec76524125e5b2
SHA1

7daeaf5fc8a9289103c37c60233b7f06d19574b7
SHA256

e9d399d9c70b82acfb2311b6a7f13386bf944bdf212f014f9dcb8ff98a3ab584
SHA512

408312cba07aef69cc68d8ffde8aafb3d84ecba445fd39b20853f13ca66a0f01b0ba59a02be5fb1ecaddc362e1c0963c3d1890c5a51e266a5fff4b0249044927
SSDEEP

768:FVGDXifqpy53Xo92L78BlYxlIXsyZ30RRjpKQnpbul:rGDXibdojYlPIEjjpKQnpb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 4488	2384	rundll32.exe	81
PID 2384 wrote to memory of 4488	2384	rundll32.exe	81
PID 2384 wrote to memory of 4488	2384	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9d399d9c70b82acfb2311b6a7f13386bf944bdf212f014f9dcb8ff98a3ab584.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9d399d9c70b82acfb2311b6a7f13386bf944bdf212f014f9dcb8ff98a3ab584.dll,#1
  2⤵
  PID:4488

memory/4488-132-0x0000000000000000-mapping.dmp

Download
memory/4488-133-0x0000000000F40000-0x0000000001016000-memory.dmp

Filesize
856KB

Download