ff401fb205b05d3564c5c1cbe689822dcac0a7ed2b858bfbdf6ae865309c2b62

Analysis

max time kernel
106s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 07:03

Target

ff401fb205b05d3564c5c1cbe689822dcac0a7ed2b858bfbdf6ae865309c2b62.dll
Size

10KB
MD5

68cd3d0a25ce2fd622d3fd972ff9966b
SHA1

f50d67c98c488af56274cdb5cf2571ccfac3ab48
SHA256

ff401fb205b05d3564c5c1cbe689822dcac0a7ed2b858bfbdf6ae865309c2b62
SHA512

1ae2a3707da4f289382937918a91cedf14f275dc97797ce0ad64108da25a365b4e1feb67874671ab9fcd74b3da050a7cd86a6c4128b005cf9008ddda5ca83037
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92bn:6dHad/N20IypWak8dWiWak8EdW7D

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 3616	5004	rundll32.exe	54
PID 5004 wrote to memory of 3616	5004	rundll32.exe	54
PID 5004 wrote to memory of 3616	5004	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff401fb205b05d3564c5c1cbe689822dcac0a7ed2b858bfbdf6ae865309c2b62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff401fb205b05d3564c5c1cbe689822dcac0a7ed2b858bfbdf6ae865309c2b62.dll,#1
  2⤵
  PID:3616

memory/3616-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download