d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2023 19:31

Target

d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll
Size

881KB
MD5

a573cbb0d082372cb897b62ded1853ed
SHA1

975b72369d2daca75ac283bfd5c4aa5d9c78a11a
SHA256

d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2
SHA512

a90106180f1777c5a30953bb62b4ccc9d9de4661859f06d99e49707c6867636917cf40a322187b17cab39e53e5ba2e3c7aea55db9ed27f93ac5d89f30368c855
SSDEEP

12288:/fE/H9N0tZp973NLhnJyOES/Sc4lg82Swkn5HOzWQPE7U2Y5TWd:nw0tZp973RNJMSa3lg8p5HOzgY0d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1168 wrote to memory of 1564	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1564	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1564	1168	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9d3dfe8a466f134228de254c77ec4110124aa4c2ffc2290d55505ffc1f327a2.dll,#1
2⤵
PID:1564

memory/1564-132-0x0000000000000000-mapping.dmp

Download
memory/1564-133-0x0000000002140000-0x00000000024A5000-memory.dmp

Filesize
3.4MB

Download