dd8038fb68f5e3e88e7a650bb7b5968477e7b9a863a6600cf92ad0f8ec0c853e

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 19:11

Target

dd8038fb68f5e3e88e7a650bb7b5968477e7b9a863a6600cf92ad0f8ec0c853e.dll
Size

2.0MB
MD5

6310a9c81ad41fe4e8bf30c480e8354e
SHA1

a3c36e4f8376ce0128a556f9b40695fe69aff174
SHA256

dd8038fb68f5e3e88e7a650bb7b5968477e7b9a863a6600cf92ad0f8ec0c853e
SHA512

f1861ba040b1d39ed11c0c9d74f37c3adfce0d960feeca7c8635a975318bcda49025883d38906ab03c7343e11323c71bfb12a683765f0b961dd5112a984be485
SSDEEP

49152:y5IaiYXS4maAT5Dx/WdAKdowRogjLYlfzd2lrXKc1Cw9QYc:y5IeSII5lpKqwKGCfzd2lP1fO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 4556	1612	rundll32.exe	86
PID 1612 wrote to memory of 4556	1612	rundll32.exe	86
PID 1612 wrote to memory of 4556	1612	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd8038fb68f5e3e88e7a650bb7b5968477e7b9a863a6600cf92ad0f8ec0c853e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd8038fb68f5e3e88e7a650bb7b5968477e7b9a863a6600cf92ad0f8ec0c853e.dll,#1
  2⤵
  PID:4556

memory/4556-133-0x0000000002D30000-0x0000000003B7F000-memory.dmp

Filesize
14.3MB

Download
memory/4556-134-0x0000000002D30000-0x0000000003B7F000-memory.dmp

Filesize
14.3MB

Download
memory/4556-135-0x0000000002D30000-0x0000000002E71000-memory.dmp

Filesize
1.3MB

Download