14a1c44bd9a5d39012290f8fd13c69b15c01e1be3e6927cae4f640ac0a1130ca

Analysis

max time kernel
98s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 04:59

Target

14a1c44bd9a5d39012290f8fd13c69b15c01e1be3e6927cae4f640ac0a1130ca.dll
Size

524KB
MD5

48d1ff48d3b2ce4d7ef550a9df3af8e4
SHA1

299dd1fdc3490e703144523f3eab1a823f768bb8
SHA256

14a1c44bd9a5d39012290f8fd13c69b15c01e1be3e6927cae4f640ac0a1130ca
SHA512

a059607ec2bc6bbba7c39f06fb7056c74fea4975e1839c159cba3d2c4d2dfe335438f43ecd259ce562202252d5edf1a8a5ffc1d15d0762e6e7de764005aa535e
SSDEEP

12288:HbHvVKjkN8Oi3C0eYAwXrgpcHkPFdaB/:Hb9+e0eYlXrghFd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 4640	1168	rundll32.exe	82
PID 1168 wrote to memory of 4640	1168	rundll32.exe	82
PID 1168 wrote to memory of 4640	1168	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14a1c44bd9a5d39012290f8fd13c69b15c01e1be3e6927cae4f640ac0a1130ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14a1c44bd9a5d39012290f8fd13c69b15c01e1be3e6927cae4f640ac0a1130ca.dll,#1
  2⤵
  PID:4640

memory/4640-133-0x0000000067070000-0x00000000670F5000-memory.dmp

Filesize
532KB

Download