cd6750cad3a7b24e739dedf4cd730fd670fa707699f93dad8330f310159fbfa0

Analysis

max time kernel
136s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2023 20:32

Target

cd6750cad3a7b24e739dedf4cd730fd670fa707699f93dad8330f310159fbfa0.dll
Size

363KB
MD5

30d400efd50960dc7eb20788809d186c
SHA1

51d902fceb45cb34a358faa9b65f9411f1670f69
SHA256

cd6750cad3a7b24e739dedf4cd730fd670fa707699f93dad8330f310159fbfa0
SHA512

3bda790451d96e071da43af4492b1ecb123a57ffa43948ef3c929af1b00c7049b8425c893396ee9673af6566e849a1afc460e7cf2f5f7037f35203c3b302e42e
SSDEEP

6144:uL4Pd0hlr3wcfmL06i03gr0rxkF3Ec1k1txvI2s/6rWDDo9r/gy2pA0EbmhFdn:o4Pd0Pr3ZmAzkg0rxyEc1Atxpr3r/guq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2912 wrote to memory of 1512	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 1512	2912	rundll32.exe	rundll32.exe
PID 2912 wrote to memory of 1512	2912	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd6750cad3a7b24e739dedf4cd730fd670fa707699f93dad8330f310159fbfa0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd6750cad3a7b24e739dedf4cd730fd670fa707699f93dad8330f310159fbfa0.dll,#1
2⤵
PID:1512

memory/1512-132-0x0000000000000000-mapping.dmp

Download
memory/1512-133-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/1512-134-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/1512-135-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download