89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2023 22:03

Target

89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6.dll
Size

70KB
MD5

b9e4abfa56990721d8d6954b404198ee
SHA1

2819810b456fc38908e1ed3715f925f2bf0e5720
SHA256

89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6
SHA512

d72607b7639d0609f4c6fb4e2e30859b502dd9376fc8b6d04b97da4bf98db7b91bb08a93547e60bb8d358b678ded93b31c596c0417e191bdf347a68fed194784
SSDEEP

1536:h6//9uORAesLQ7tu+lbbRqvHQS61Wi/p+7uRzbGvMy:h63AORAesktllbbUvw/1Wix+72Ry

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4604	4444	rundll32.exe	78
PID 4444 wrote to memory of 4604	4444	rundll32.exe	78
PID 4444 wrote to memory of 4604	4444	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89d1dc2c4bfc7978c0f341726f5c8997fbab256f1bb201753d02f1422cf043d6.dll,#1
  2⤵
  PID:4604

memory/4604-133-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download