a84e151c81ce0bdc83b746a9a4722e85bd7f000a3ff6e93003a28c14e01af247

Analysis

max time kernel
91s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2023 15:00

Target

820-57-0x0000000000440000-0x0000000000463000-memory.dll
Size

140KB
MD5

1c1479fc34cd0643d9f92a86239128a7
SHA1

42df908ca685fc4c6f4810fc74cdd3e93f98be86
SHA256

a84e151c81ce0bdc83b746a9a4722e85bd7f000a3ff6e93003a28c14e01af247
SHA512

36a240cf3f39521992021b45b1ee3f65b11017ddd0ccc4477032d5a2d45e0f9c2df27716e69b4720f9964df13cba5dfab4acd36b98c5623c36e1d086c9aef7cc
SSDEEP

3072:ROCFfgTwC43xRxuE36oYA/JhI/Q3TBfvr6+:HgTV4hzuBo9/JK/Q3TBHr6

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4056 wrote to memory of 4648	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 4648	4056	rundll32.exe	rundll32.exe
PID 4056 wrote to memory of 4648	4056	rundll32.exe	rundll32.exe
PID 4648 wrote to memory of 4704	4648	rundll32.exe	rundll32.exe
PID 4648 wrote to memory of 4704	4648	rundll32.exe	rundll32.exe
PID 4648 wrote to memory of 4704	4648	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000440000-0x0000000000463000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4056

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000440000-0x0000000000463000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:4648

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000440000-0x0000000000463000-memory.dll,#1
3⤵
PID:4704