90321835e15ddad066eddb47aa1944b65fc729cfa41d1419c04b2e58259359ef

Analysis

max time kernel
62s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2023 19:08

Target

90321835e15ddad066eddb47aa1944b65fc729cfa41d1419c04b2e58259359ef.dll
Size

377KB
MD5

6a7cda5e18b8ed95328eae4a8de953a9
SHA1

c32d6c710eb0e1adcdfb3ed2c9d2ea9bd6c97c91
SHA256

90321835e15ddad066eddb47aa1944b65fc729cfa41d1419c04b2e58259359ef
SHA512

e70901336cb7fa323737d17e0f422ff26041124c19e4f181a71a869afe9c72bf84d5b63efd17cb54914c051f6a61b2dad356c509b5d3191c5d5f1a7f8efc9a93
SSDEEP

6144:N5oVRQlRth9BNLoj3YWTmA6ZnDJeTuTwCNNm4gPln8J8umEDsr7Xk6vKUbsA:fky/1Q1EJeTuMCNNQl8JvBK7UOj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3984 wrote to memory of 2400	3984	rundll32.exe	rundll32.exe
PID 3984 wrote to memory of 2400	3984	rundll32.exe	rundll32.exe
PID 3984 wrote to memory of 2400	3984	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90321835e15ddad066eddb47aa1944b65fc729cfa41d1419c04b2e58259359ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90321835e15ddad066eddb47aa1944b65fc729cfa41d1419c04b2e58259359ef.dll,#1
  2⤵
  PID:2400

memory/2400-133-0x0000000000400000-0x00000000006AD000-memory.dmp

Filesize
2.7MB

Download