accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2023 07:32

Target

accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
Size

64KB
MD5

ad1da0b33566db82b94231693ebe714d
SHA1

b2bd6ac63261fdf9f56ac04ffd915890107392b2
SHA256

accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce
SHA512

1c92141b7922c249d48919cea48eb04b21a764674bc0385698d5c8bbd580278bb6cc845f2e0649f6a12a3d87cdc75ef9d340ce88cf5e612a669527343ac9a4d1
SSDEEP

768:2WH8osl87UHo76MX6G//NpDmqDwBPcD0umk5RMwsGjxYv7fzv9SSI:F8Rl87IMXfKM0o5RMwsRY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4784 wrote to memory of 1844	4784	rundll32.exe	rundll32.exe
PID 4784 wrote to memory of 1844	4784	rundll32.exe	rundll32.exe
PID 4784 wrote to memory of 1844	4784	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll,#1
2⤵
PID:1844

memory/1844-133-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download