c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de

Analysis

max time kernel
75s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2023 18:30

Target

c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de.dll
Size

106KB
MD5

f3c52283aef555393238829e28e86830
SHA1

5577681b2468af105b141142916657028116b7db
SHA256

c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de
SHA512

541feb3d75fa506e015bd456c3553d8d3f0b50d7aaa26cf6ad5d862cfe813dfc2f0bd23cd78bcedb9569652a269005d2945478ddc604163041bb9e83afff6558
SSDEEP

1536:XYtNNCclxaWfem/KmO7b0Flr9sgb15wk41KlqcTtJonUe8FzkjWSnlIscCGIZTBc:6CjWfemGb0FZm4moBtJonUMlIiBZT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 496	3240	rundll32.exe	83
PID 3240 wrote to memory of 496	3240	rundll32.exe	83
PID 3240 wrote to memory of 496	3240	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c13fc2b1bc03401ee54b8af6b599e001f5bccd0ae7e806b7c2fc4764f5e8f5de.dll,#1
  2⤵
  PID:496

memory/496-133-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download