036c01428bb19bd0a00785068eecce2a4da9682a9a4378e5c123a6b4e71cf9bb

Analysis

max time kernel
75s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2023 21:00

Target

036c01428bb19bd0a00785068eecce2a4da9682a9a4378e5c123a6b4e71cf9bb.dll
Size

188KB
MD5

98fd5d15d2e31d1e2b154b7aad8645c0
SHA1

c720e5d293bf8c14521ba6a5704c2ed11db4676d
SHA256

036c01428bb19bd0a00785068eecce2a4da9682a9a4378e5c123a6b4e71cf9bb
SHA512

8e7a2c31dad84b6666ee767bc9f02f6cf24e3851b681b33d4114d64b538a3dcd4996a10577bb74eb300c705f4b886158be3db3bf1c45d1b34baa9818f3c5c511
SSDEEP

3072:89zoE/kHqpPBAHCLkpPlK8AoZmZ0ODK73IThpEbbAKNXoqlQ8/5NWgP:qzoApOHOelKxoP6Q3IThpEX9P/5NWc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4620	4656	rundll32.exe	84
PID 4656 wrote to memory of 4620	4656	rundll32.exe	84
PID 4656 wrote to memory of 4620	4656	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\036c01428bb19bd0a00785068eecce2a4da9682a9a4378e5c123a6b4e71cf9bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\036c01428bb19bd0a00785068eecce2a4da9682a9a4378e5c123a6b4e71cf9bb.dll,#1
  2⤵
  PID:4620

memory/4620-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download