fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6

Analysis

max time kernel
99s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 07:03 UTC

Target

fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll
Size

10KB
MD5

0a5fcf55fced048cfbc51355752bd849
SHA1

7369fa465dd43cc60848cf08218cafefa59e005b
SHA256

fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6
SHA512

dd4696a7d4a99c628101153265f6bc74a2af01844e977c9f036c3e12fd27f652ce247fa27b7e6e6fe28c682a0bba87cb7bdbdfda039063263648a2388f053baa
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92bj:6dHad/N20IypWak8dWiWak8EdW7H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 4912	4156	rundll32.exe	61
PID 4156 wrote to memory of 4912	4156	rundll32.exe	61
PID 4156 wrote to memory of 4912	4156	rundll32.exe	61

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll,#1
  2⤵
  PID:4912

No results found

No results found

memory/4912-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download
memory/4912-134-0x000000006DD20000-0x000000006DD27000-memory.dmp

Filesize
28KB

Download