64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1

Analysis

max time kernel
154s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
17-02-2023 20:55

Target

64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1.dll
Size

1.6MB
MD5

e8947f2541dc72314fb0c68dc65c06c0
SHA1

7928e7d53940f8235d1f96869df715f3725dbd4f
SHA256

64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1
SHA512

0973c1fbc9a289d99cce7e127a06cd88e9a68569e3250502d578db5ea645d23277047e16945f12e9ea4e34b60deffcacdb864feecc8b4338c67b6c51a60c42b7
SSDEEP

24576:9tpPh1D2KaKCVDOyAgS/W50M71huyEFnYGFmS1Y3lEOd7xdGQ8RyV9Bly:ph1DYFzAq6M7rMFYy03lE6z8CK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4784 wrote to memory of 1028	4784	rundll32.exe	rundll32.exe
PID 4784 wrote to memory of 1028	4784	rundll32.exe	rundll32.exe
PID 4784 wrote to memory of 1028	4784	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1.dll,#1
  2⤵
  PID:1028

memory/1028-132-0x0000000000000000-mapping.dmp

Download
memory/1028-133-0x0000000002100000-0x000000000266D000-memory.dmp

Filesize
5.4MB

Download
memory/1028-134-0x0000000002100000-0x000000000266D000-memory.dmp

Filesize
5.4MB

Download