f682a657e89599bb7c7c108bafa80cb80694945eed6a2d270ba80831fa2d4b8b

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 20:08

Target

f682a657e89599bb7c7c108bafa80cb80694945eed6a2d270ba80831fa2d4b8b.dll
Size

18KB
MD5

687d033fe5137a01c82437645003c9fd
SHA1

1eb579a2f1731ecbe8c59d8e993a547944b22541
SHA256

f682a657e89599bb7c7c108bafa80cb80694945eed6a2d270ba80831fa2d4b8b
SHA512

a5f6603d6b68173296cdfee061e246f9971b7e88015ef46fe17d574b8abd1185963c6ce7d8620cfc3872094647f8ec80a3187b70de9d4a546f3b2540a7a6d734
SSDEEP

384:zPZTanfmQK/QEiQPNg/sypBHpJ5kvOXW+AVHQr60vil8E6:zPcfmQK/QIPq/syDpZW+AVHQrXvzE6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 3988	4960	rundll32.exe	77
PID 4960 wrote to memory of 3988	4960	rundll32.exe	77
PID 4960 wrote to memory of 3988	4960	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f682a657e89599bb7c7c108bafa80cb80694945eed6a2d270ba80831fa2d4b8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f682a657e89599bb7c7c108bafa80cb80694945eed6a2d270ba80831fa2d4b8b.dll,#1
  2⤵
  PID:3988

memory/3988-133-0x0000000077BA0000-0x0000000077BA6000-memory.dmp

Filesize
24KB

Download
memory/3988-134-0x0000000002950000-0x0000000002990000-memory.dmp

Filesize
256KB

Download