d4e3297127b96035794f8587f83851d1f12cc71ba1cb58b8997745b77da2deb2

Analysis

max time kernel
139s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 19:43

Target

d4e3297127b96035794f8587f83851d1f12cc71ba1cb58b8997745b77da2deb2.dll
Size

56KB
MD5

fd777b6bfa862baf341c5b8dd402ddfc
SHA1

0a716ec6d3f76182809647e50c955fd82d785696
SHA256

d4e3297127b96035794f8587f83851d1f12cc71ba1cb58b8997745b77da2deb2
SHA512

1fcd87aab1911db97012f3552e524a73a47ec592a863d86089ad5de057886ef37e64ee5e15c940e118074693854d25b51d3e784c47b598f19d5f7b830c727070
SSDEEP

384:IpwMX9iX3LmlIL5x94DCyyj0Z2Xo9PdSuoL/gZ1syltI51+yfOrx52lZD6rQfQXg:I2U+bfy2TXo9c5LC1bnA+yfeOnBfix

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2956	2492	rundll32.exe	79
PID 2492 wrote to memory of 2956	2492	rundll32.exe	79
PID 2492 wrote to memory of 2956	2492	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4e3297127b96035794f8587f83851d1f12cc71ba1cb58b8997745b77da2deb2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4e3297127b96035794f8587f83851d1f12cc71ba1cb58b8997745b77da2deb2.dll,#1
  2⤵
  PID:2956

memory/2956-133-0x0000000002B30000-0x0000000002C06000-memory.dmp

Filesize
856KB

Download