f3568f631ce1a1519b80b35db425e4d86adc3d86e4a562b5a0c52ab43bf3c9a1

Analysis

max time kernel
95s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2023 18:15

Target

f3568f631ce1a1519b80b35db425e4d86adc3d86e4a562b5a0c52ab43bf3c9a1.dll
Size

702KB
MD5

635c6c5da7ff04133cc744266fbaaacf
SHA1

478fd455fa04bb056e826496c711fd40c8e0d813
SHA256

f3568f631ce1a1519b80b35db425e4d86adc3d86e4a562b5a0c52ab43bf3c9a1
SHA512

ad775e447675529fefca33708568fceaf2962f053c9c252625f9cd4c77ca020bf27672b12707f2418633423164dbae16d2edc391d3dbce481dec50cd48226a45
SSDEEP

12288:xYbcV2TI821DuPVuPzq0yffD7rThc1ZShlMZhXs0TEEe/l+Waq:xYal1DuNuGZTdc1ohlMzTEEIlv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5060 wrote to memory of 3300	5060	rundll32.exe	rundll32.exe
PID 5060 wrote to memory of 3300	5060	rundll32.exe	rundll32.exe
PID 5060 wrote to memory of 3300	5060	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3568f631ce1a1519b80b35db425e4d86adc3d86e4a562b5a0c52ab43bf3c9a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3568f631ce1a1519b80b35db425e4d86adc3d86e4a562b5a0c52ab43bf3c9a1.dll,#1
2⤵
PID:3300

memory/3300-134-0x0000000002390000-0x0000000002581000-memory.dmp

Filesize
1.9MB

Download
memory/3300-135-0x0000000002390000-0x0000000002581000-memory.dmp

Filesize
1.9MB

Download
memory/3300-133-0x0000000002390000-0x0000000002581000-memory.dmp

Filesize
1.9MB

Download
memory/3300-136-0x0000000002390000-0x0000000002581000-memory.dmp

Filesize
1.9MB

Download
memory/3300-138-0x0000000002390000-0x0000000002581000-memory.dmp

Filesize
1.9MB

Download
memory/3300-137-0x0000000002390000-0x0000000002581000-memory.dmp

Filesize
1.9MB

Download