f68f7357c3aec8b961291509b7a65dce0f618cdf4818720d307e8e7ab835592c

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2022 10:45

Target

f68f7357c3aec8b961291509b7a65dce0f618cdf4818720d307e8e7ab835592c.dll
Size

389KB
MD5

6d32b6fb17f3037058141f4339927130
SHA1

5193571dac416a09e019868b2782d40d5e1774ee
SHA256

f68f7357c3aec8b961291509b7a65dce0f618cdf4818720d307e8e7ab835592c
SHA512

2a22c678d2852167d9df26c7882b0021418d669ed6d092564bfed1374e9f2ed208f3c5921605cd27a9b426105877a1436477721c7c8f1b6ad11389645631a091
SSDEEP

6144:10p44pXWWOAZEKW7UsY6OiaQen0VQ8NYazJYuAcSWqis/2GXaidsiVwuARr1+l:opXWW5ZEKxsYx07NYvWmeb1U

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 5012	5080	rundll32.exe	83
PID 5080 wrote to memory of 5012	5080	rundll32.exe	83
PID 5080 wrote to memory of 5012	5080	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f68f7357c3aec8b961291509b7a65dce0f618cdf4818720d307e8e7ab835592c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f68f7357c3aec8b961291509b7a65dce0f618cdf4818720d307e8e7ab835592c.dll,#1
  2⤵
  PID:5012

memory/5012-132-0x0000000000000000-mapping.dmp

Download
memory/5012-133-0x0000000001F40000-0x0000000001FA7000-memory.dmp

Filesize
412KB

Download