a7e91c6103cf9f55ce29ac623c60ce562b8e34e81c793ff42037466dcc5ac143

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 22:03

Target

a7e91c6103cf9f55ce29ac623c60ce562b8e34e81c793ff42037466dcc5ac143.dll
Size

22KB
MD5

65e6283be83437a3384a42d7d35a3139
SHA1

4086968c8064b54d1547918b89ec58509f6091d0
SHA256

a7e91c6103cf9f55ce29ac623c60ce562b8e34e81c793ff42037466dcc5ac143
SHA512

83815ce11a5071a7b44910d741d5017c1ff9e6bc9c96626d693b26857cc414d491f6c26b8cbfee8f7336b956bc637f65d17bc0e2a6736065590c4b7b42c1f056
SSDEEP

192:96BNWJ+Fs3qnZID0W9NzWLDU41PljFNtzck4Y9xM33YLjc1Mi6QNu8:96BNWGlZIAWfzWLDn3tzc2nc+i7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 1920	4648	rundll32.exe	83
PID 4648 wrote to memory of 1920	4648	rundll32.exe	83
PID 4648 wrote to memory of 1920	4648	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7e91c6103cf9f55ce29ac623c60ce562b8e34e81c793ff42037466dcc5ac143.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7e91c6103cf9f55ce29ac623c60ce562b8e34e81c793ff42037466dcc5ac143.dll,#1
  2⤵
  PID:1920

memory/1920-136-0x0000000071AD0000-0x0000000071ADA000-memory.dmp

Filesize
40KB

Download