dfbc6fa58a396366ff2d31fa0c642e7f6069532222bc1201215054a34d7ccd80

Analysis

max time kernel
91s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2022 10:28

Target

dfbc6fa58a396366ff2d31fa0c642e7f6069532222bc1201215054a34d7ccd80.dll
Size

195KB
MD5

73ef9afa3f907b4dd1f14c653144aa4c
SHA1

90310f4752c44ee51df1d6a47879c62795985ef9
SHA256

dfbc6fa58a396366ff2d31fa0c642e7f6069532222bc1201215054a34d7ccd80
SHA512

39c731762169d2b61c0032e04e4081e66e11318723173c4d8a0cefa4d4d592fc9808e6ee9e2baf7d0366b2b7e58186e529f427ce121dbfbdb6eec6805f7c9651
SSDEEP

3072:eADXQmPcKtfRSG5vYK+CLaHjH2BgFp/TCcHwkJezu+wDToVbj933mF:eATVcWp/vYdCUWBgD2cQkgzu+wDToVYF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4836	4800	rundll32.exe	81
PID 4800 wrote to memory of 4836	4800	rundll32.exe	81
PID 4800 wrote to memory of 4836	4800	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfbc6fa58a396366ff2d31fa0c642e7f6069532222bc1201215054a34d7ccd80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfbc6fa58a396366ff2d31fa0c642e7f6069532222bc1201215054a34d7ccd80.dll,#1
  2⤵
  PID:4836

memory/4836-132-0x0000000000000000-mapping.dmp

Download
memory/4836-133-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download