0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60

Analysis

max time kernel
70s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2023 21:21

Target

0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll
Size

694KB
MD5

7b6e1169db39c4c99b5fcd421a334982
SHA1

a46e9b23155378c0e833fa260a51e260287f1301
SHA256

0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60
SHA512

4ac15d1c5075749aa6023d5ff8d8a03395702c8c916b88c0257bacecfd4022efd4eeb36174c1fe346e89c0915f087370f79db6ecf38c235f00e193dc2bc8604d
SSDEEP

12288:N2dXDc/POpLx155e9TtCik58cF19CxWaByEdm+twzrQrw:C4up915w9TQ/N9TaBy+0r2w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2092 wrote to memory of 844	2092	rundll32.exe	rundll32.exe
PID 2092 wrote to memory of 844	2092	rundll32.exe	rundll32.exe
PID 2092 wrote to memory of 844	2092	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2092

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll,#1
2⤵
PID:844

memory/844-133-0x0000000000400000-0x0000000000755000-memory.dmp

Filesize
3.3MB

Download