0ba8354479cc0f01d1ca3d9af46eaf67f57692c18c297cfa25de9c5e559b1145

Analysis

max time kernel
162s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 07:02

Target

0ba8354479cc0f01d1ca3d9af46eaf67f57692c18c297cfa25de9c5e559b1145.dll
Size

772KB
MD5

535c6ee9c1ea80d903da611e4a9fa206
SHA1

86df4273d8455c1dd898a341057870a8b1e3bb0b
SHA256

0ba8354479cc0f01d1ca3d9af46eaf67f57692c18c297cfa25de9c5e559b1145
SHA512

394d848ce9aec661dfa1071fe3009c6b74b840f114b881c06f7d7eb2cac5c926739ea9bbc4317a9a7fbe4a463b4f3e2da741920abee0b5808df0de459754fcf8
SSDEEP

24576:ghqg+Ym6/frmhp2MsgTrwzFgylqlrohKA0CskN6:kYhPkN6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4868	4960	rundll32.exe	83
PID 4960 wrote to memory of 4868	4960	rundll32.exe	83
PID 4960 wrote to memory of 4868	4960	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba8354479cc0f01d1ca3d9af46eaf67f57692c18c297cfa25de9c5e559b1145.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba8354479cc0f01d1ca3d9af46eaf67f57692c18c297cfa25de9c5e559b1145.dll,#1
  2⤵
  PID:4868

memory/4868-133-0x0000000010000000-0x00000000100C2000-memory.dmp

Filesize
776KB

Download