ba5674186d0d24c4016211e326323f08cb1a91ccb0b5d63effa41b4f03ca68da

Analysis

max time kernel
68s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 09:45

Target

ba5674186d0d24c4016211e326323f08cb1a91ccb0b5d63effa41b4f03ca68da.dll
Size

62KB
MD5

64f24478022e1311ee11a60fc8a3c3c0
SHA1

7d628c07e4e9fe98c92be606c523f034f064961c
SHA256

ba5674186d0d24c4016211e326323f08cb1a91ccb0b5d63effa41b4f03ca68da
SHA512

924c8816e1167c1cc0dea4901a553e10634e65033d0680060e769fdbd33a70a201e04bca9374cf4a193b228c4ac502b65a3ad4792b8220d36e9b42f2f98789f0
SSDEEP

1536:HKvv9jeCw6l9n+Eu2R+F/ae5eKjvY9gj9TiTj+b1plhPf:TSHu2Y/9AkY98S6ThX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4880	4828	rundll32.exe	81
PID 4828 wrote to memory of 4880	4828	rundll32.exe	81
PID 4828 wrote to memory of 4880	4828	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5674186d0d24c4016211e326323f08cb1a91ccb0b5d63effa41b4f03ca68da.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba5674186d0d24c4016211e326323f08cb1a91ccb0b5d63effa41b4f03ca68da.dll,#1
  2⤵
  PID:4880

memory/4880-133-0x0000000010000000-0x0000000010664000-memory.dmp

Filesize
6.4MB

Download