dd3983c3d5e7ddc25850acdca7dce972ae28d3040df9c2c89c6415f8bb272794

Analysis

max time kernel
134s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 13:23

Target

dd3983c3d5e7ddc25850acdca7dce972ae28d3040df9c2c89c6415f8bb272794.dll
Size

2.5MB
MD5

5510fb4e0fed4a94d4382905129448dc
SHA1

47e84caf95c981fd64412adf990f84295125ca66
SHA256

dd3983c3d5e7ddc25850acdca7dce972ae28d3040df9c2c89c6415f8bb272794
SHA512

6d96786d2747ae2760288e6721ea65e246cbdcf54a2ea2c987f90475d3eb407577785e7b50f24ae72fb4b316a776df0baff0dae2f94f17d47b41822c524db99b
SSDEEP

49152:WXexMd0lJvlLnIftoZ7nt6GdCUh4ck6zI25avSFmhg8OTFeA1VlaJQMy:q+54toZ7hdCqI25a6chbUpaA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2256	1088	rundll32.exe	83
PID 1088 wrote to memory of 2256	1088	rundll32.exe	83
PID 1088 wrote to memory of 2256	1088	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd3983c3d5e7ddc25850acdca7dce972ae28d3040df9c2c89c6415f8bb272794.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd3983c3d5e7ddc25850acdca7dce972ae28d3040df9c2c89c6415f8bb272794.dll,#1
  2⤵
  PID:2256