23bf638f97934a60096a5d089d688784b52e455c5584c337fc2118823963e9ed

Analysis

max time kernel
125s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2023 19:28

Target

SymRedir.dll
Size

157KB
MD5

a4aac583dd6cadaaa721eaaa0b60f0ac
SHA1

e7460c45dfac2cf7d47cf2025b77030f7b9b41f2
SHA256

23bf638f97934a60096a5d089d688784b52e455c5584c337fc2118823963e9ed
SHA512

e1727d2ab3abc3f438eb3afb299c3bf705cb13b5f125043df0ed61be715d92e595f90619f51d89693fe5a2837af33d2f7622f93e81d19901a94c04699dfe8262
SSDEEP

3072:nr5Ogr6r3K1qYO4rHqf825pypbSj+WZsryYU603hzNmmBX5a2sg9VUbiGcDJHbjZ:+r3K1qUHD6pay0+Bgvg9VUbiGcDJHbjZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2548	2324	rundll32.exe	82
PID 2324 wrote to memory of 2548	2324	rundll32.exe	82
PID 2324 wrote to memory of 2548	2324	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SymRedir.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SymRedir.dll,#1
  2⤵
  PID:2548