5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2023 20:33

Target

5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll
Size

428KB
MD5

ab9635ddab1654e7b423f8dae312a162
SHA1

74ccfd75f97718a059abd9a438555fa05e457b81
SHA256

5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d
SHA512

3c3a583dc9759280f6eb8927db31d6c44a9761bbe5de3c1cc7155b0f38ddef5e252f146cfe2f51e4f506248144677bf0a3f2bfd16cca16ca71d858c4899c6e99
SSDEEP

12288:c+M7dho5oq5S/V2Ig+jB5RPwHpnLP8uyl5qUc:OrQ5O2IblwHE5qUc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 404 wrote to memory of 1108	404	rundll32.exe	rundll32.exe
PID 404 wrote to memory of 1108	404	rundll32.exe	rundll32.exe
PID 404 wrote to memory of 1108	404	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:404

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5313712de57d9e3b01392a3dc8ac648218642209c6e72b7a81391d0da44fb92d.dll,#1
2⤵
PID:1108

memory/1108-132-0x0000000000000000-mapping.dmp

Download
memory/1108-133-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download