ab9cb47800071e3259c9e9a3c507aba5d0b96ecd56c35db65356235b4590f7bc

Analysis

max time kernel
146s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 08:43

Target

ab9cb47800071e3259c9e9a3c507aba5d0b96ecd56c35db65356235b4590f7bc.dll
Size

90KB
MD5

688b724bed9ea7d74732423cf1ef82f0
SHA1

0117275df1c6b8cb1adfa584f725738d468bf23b
SHA256

ab9cb47800071e3259c9e9a3c507aba5d0b96ecd56c35db65356235b4590f7bc
SHA512

f8078c90b74cf2727d28baf9c9207019952e1a6daad75641b0ebd87198623059a0da14eb0048428b96193937b73da844ef2b110924693b064c7fa0926b56be70
SSDEEP

1536:uLagGKilBnQ0qS8VuhNn5XHhDuLB/746woD2JNlYBhO5n09XWk2:+aXlrqPghDhKLB/746TD2fl2h60lWk2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 1292	4112	rundll32.exe	82
PID 4112 wrote to memory of 1292	4112	rundll32.exe	82
PID 4112 wrote to memory of 1292	4112	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab9cb47800071e3259c9e9a3c507aba5d0b96ecd56c35db65356235b4590f7bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab9cb47800071e3259c9e9a3c507aba5d0b96ecd56c35db65356235b4590f7bc.dll,#1
  2⤵
  PID:1292

memory/1292-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download