f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3

Analysis

max time kernel
91s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 20:42

Target

f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
Size

65KB
MD5

0a076baeac651727eee5f8af019632d4
SHA1

aea8b091e7ddf20f10de0b308680766cf45fd68d
SHA256

f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3
SHA512

f77891785e4745ac6a078fbd17eaae9c4a54764976af3a8df76dc311d94c0bc3a856796e300acdc2433d2a3e9f9aa682d05dfe092ac8c9ce44ac9a2dd2e3168f
SSDEEP

1536:5SwlKC19SnIhSm9st4uqR/4QgmNSV+a9WTWaR4+PfDp+:lAM9so54Q0p96Z4+30

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4820	4924	rundll32.exe	82
PID 4924 wrote to memory of 4820	4924	rundll32.exe	82
PID 4924 wrote to memory of 4820	4924	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll,#1
  2⤵
  PID:4820

memory/4820-133-0x0000000010000000-0x0000000010682000-memory.dmp

Filesize
6.5MB

Download