2d802b09a86c4d2ddf45da02b1391dfb6406e40260c9c7f29c71a506f74926a7

Analysis

max time kernel
116s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 19:39

Target

2d802b09a86c4d2ddf45da02b1391dfb6406e40260c9c7f29c71a506f74926a7.dll
Size

499KB
MD5

608a356b4e8a669fd99259bc82cd4fc0
SHA1

ef8009a3b075654b047c12c150bb00f18aac4650
SHA256

2d802b09a86c4d2ddf45da02b1391dfb6406e40260c9c7f29c71a506f74926a7
SHA512

3743e9a0a8633d2105c6640bfd79ead600af46436ea25810f85f6a668a2a9dab5c9f7748eb589e66f9f22846f1889abb1a5856ef31ef019171660357f1dc2dd5
SSDEEP

12288:0Vep6bfraY+EbKKOK9CIrYID30uVPwf+Y2YQ:0VepqGYxhrYIpq2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4380 wrote to memory of 3844	4380	rundll32.exe	rundll32.exe
PID 4380 wrote to memory of 3844	4380	rundll32.exe	rundll32.exe
PID 4380 wrote to memory of 3844	4380	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d802b09a86c4d2ddf45da02b1391dfb6406e40260c9c7f29c71a506f74926a7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d802b09a86c4d2ddf45da02b1391dfb6406e40260c9c7f29c71a506f74926a7.dll,#1
2⤵
PID:3844

memory/3844-133-0x0000000000400000-0x00000000006FD000-memory.dmp

Filesize
3.0MB

Download