af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891

Analysis

max time kernel
74s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 03:50

Target

af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891.dll
Size

128KB
MD5

68eae984aa81ba27fdc7e993b5e7fb9b
SHA1

0bfc2ccb8768f4229fdc68a7a834ade723cfb2f7
SHA256

af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891
SHA512

0a21a201f75ee284248e7cc43b481bc7db871166042c73ed12fd4dc0af961ce37bf7bc09d43c9d714a10c50fe7d4d35700241ee34e6507a4ca839bd958bfc233
SSDEEP

3072:3OdxSBDzm0zQU+aGsdAtGoScDfj5X3nQLCF:3kximMp

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
12	4896	rundll32.exe
15	4896	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4896	4848	rundll32.exe	82
PID 4848 wrote to memory of 4896	4848	rundll32.exe	82
PID 4848 wrote to memory of 4896	4848	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af7678b010ccba6959537927c0cf0b1072a53c681200cd8fcc67cb27c7054891.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4896

memory/4896-133-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download
memory/4896-134-0x0000000000CC0000-0x0000000000CCD000-memory.dmp

Filesize
52KB

Download
memory/4896-135-0x0000000000CD0000-0x0000000000CDD000-memory.dmp

Filesize
52KB

Download
memory/4896-136-0x0000000000CD0000-0x0000000000CDD000-memory.dmp

Filesize
52KB

Download