409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735

Analysis

max time kernel
108s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 10:28

Target

409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
Size

3.2MB
MD5

04b4e9aab7720236309970a5fb118daf
SHA1

8a59571601d254c983bb91ac32f9665ed9528af2
SHA256

409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735
SHA512

cb3680f41ef37cb8b11dd64fde1562e8e5fccd35f5033ea5b6abc30f4e7ceabe37d6e20feb7015eaed0f18e00edbb8631b72cd5494b3723b6971aca0638003ea
SSDEEP

98304:Ov170f+VDHfEIgyIJZzOL8eUN4eFMWH0cNti:Ov170cHcIEZKL04iMKVNc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1196 wrote to memory of 2372	1196	rundll32.exe	rundll32.exe
PID 1196 wrote to memory of 2372	1196	rundll32.exe	rundll32.exe
PID 1196 wrote to memory of 2372	1196	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll,#1
2⤵
PID:2372

memory/2372-133-0x00000000023D0000-0x0000000003113000-memory.dmp

Filesize
13.3MB

Download
memory/2372-134-0x00000000023D0000-0x0000000003113000-memory.dmp

Filesize
13.3MB

Download
memory/2372-135-0x00000000023D0000-0x0000000002511000-memory.dmp

Filesize
1.3MB

Download