5dcd07ab93faa79e2e6aad53e9c8440cf740f5de390e0cc3780541520387150b

Analysis

max time kernel
70s
max time network
185s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
04-10-2023 03:41

Target

5dcd07ab93faa79e2e6aad53e9c8440cf740f5de390e0cc3780541520387150b.dll
Size

2.3MB
MD5

0101afeef08d7c91bf8568c02c712ea3
SHA1

b9dcbd31640c520e8672a454496d4a6ec212f7b3
SHA256

5dcd07ab93faa79e2e6aad53e9c8440cf740f5de390e0cc3780541520387150b
SHA512

4d3005b967240214e7acc5ee4c796edde3c71d3e5586752da91b7cdc1ae5e544e26e6f4e508d1d98a1f4ab3ad94e1b8057e4bb388890b093bc5b49a968125271
SSDEEP

49152:mg8kQtIB3vYaUDWNzd1ReHmTWXXRFvyL889d/2/VXXaYSW:m3aB/sDq1R8VDvN89xmH7SW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 3444	1168	rundll32.exe	70
PID 1168 wrote to memory of 3444	1168	rundll32.exe	70
PID 1168 wrote to memory of 3444	1168	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dcd07ab93faa79e2e6aad53e9c8440cf740f5de390e0cc3780541520387150b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dcd07ab93faa79e2e6aad53e9c8440cf740f5de390e0cc3780541520387150b.dll,#1
  2⤵
  PID:3444

memory/3444-1-0x0000000010000000-0x0000000010244000-memory.dmp

Filesize
2.3MB

Download
memory/3444-0-0x0000000000A50000-0x0000000000A56000-memory.dmp

Filesize
24KB

Download
memory/3444-3-0x00000000048A0000-0x00000000049B0000-memory.dmp

Filesize
1.1MB

Download
memory/3444-4-0x00000000049B0000-0x0000000004AA5000-memory.dmp

Filesize
980KB

Download
memory/3444-5-0x00000000049B0000-0x0000000004AA5000-memory.dmp

Filesize
980KB

Download
memory/3444-7-0x00000000049B0000-0x0000000004AA5000-memory.dmp

Filesize
980KB

Download
memory/3444-8-0x00000000049B0000-0x0000000004AA5000-memory.dmp

Filesize
980KB

Download