5f32b5ad912be2e4d4d64d5065d6d9a613da051c2c7d69199d1012469e544913

Analysis

max time kernel
60s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 06:22

Target

5f32b5ad912be2e4d4d64d5065d6d9a613da051c2c7d69199d1012469e544913.dll
Size

43KB
MD5

b406e2f0b807831679dffee7f947548a
SHA1

d60d696fbbc09cfee6ccf7abb30b9ddf2c17afec
SHA256

5f32b5ad912be2e4d4d64d5065d6d9a613da051c2c7d69199d1012469e544913
SHA512

0e18588b15b08be2dc85c55f87df2446f767240d714e2323b7476bfd04ecfdefe54dcd3b2c04bc8cf43561404adef705e082bddc0917db2a40c4b92850c26c23
SSDEEP

768:94cNvJ4/acva8ibGxnfGGfcGffJdJsdWd2dqd2d2dPdrdodJQdadJO:9J34/acAGhuGkGVQtO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 2364	1532	rundll32.exe	80
PID 1532 wrote to memory of 2364	1532	rundll32.exe	80
PID 1532 wrote to memory of 2364	1532	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f32b5ad912be2e4d4d64d5065d6d9a613da051c2c7d69199d1012469e544913.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f32b5ad912be2e4d4d64d5065d6d9a613da051c2c7d69199d1012469e544913.dll,#1
  2⤵
  PID:2364

memory/2364-133-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download