97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f

Analysis

max time kernel
61s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
10-02-2023 19:00

Target

97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll
Size

626KB
MD5

5fc3f6a834499cde6098527f01a09951
SHA1

56cddedbb92639acb83649f91cdb72f322a27100
SHA256

97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f
SHA512

73da509231e32d20f75cc0548948fbeca0a818b29f6026822c619993f8ea1f0ffc7f966912abc3dbb98ba9df1e95ecaa1e3e57876602eaab5bd10c9bba6ab069
SSDEEP

12288:N9fD4BCMepaBzOu0e5FACJxKCM3vhETCJI/dEaxieJak9QdGf/+:3fDw5epcOu0e52vVa0etWdC/+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2552 wrote to memory of 2416	2552	rundll32.exe	rundll32.exe
PID 2552 wrote to memory of 2416	2552	rundll32.exe	rundll32.exe
PID 2552 wrote to memory of 2416	2552	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f56ea717cee560a32f5d9dafe2dde471138133c7ee013f7ffabf0e202fee5f.dll,#1
2⤵
PID:2416

memory/2416-132-0x0000000000000000-mapping.dmp

Download
memory/2416-133-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download