baaa42b303f29653dea4e4cd3339ffa6c4c5be3aa0d7b62cff3773b49b7705c4

Analysis

max time kernel
127s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 19:18

Target

baaa42b303f29653dea4e4cd3339ffa6c4c5be3aa0d7b62cff3773b49b7705c4.dll
Size

77KB
MD5

3e09b55cbfbe1cbacb9e9f472d5b6d50
SHA1

1cc18a475971ea3afe6906b801a16390a17aa1fc
SHA256

baaa42b303f29653dea4e4cd3339ffa6c4c5be3aa0d7b62cff3773b49b7705c4
SHA512

57a22e7edc236d992babfa1d07c169fd8c60b8f9e5c9bb82802c08014bd4c71e927bce6adf672c7b29ba9be4fb2d7aac435f6bebb9330fb6b4b8eb13537cb902
SSDEEP

1536:8hgHvw2R4HFr+rGYLFza3W0wCuqHAze7WaS5Ho2k4pYGXs/Td2rne:agPn2srZBzA3wCu5ze7WHHo2RpYus/JN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 3600	2920	rundll32.exe	80
PID 2920 wrote to memory of 3600	2920	rundll32.exe	80
PID 2920 wrote to memory of 3600	2920	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\baaa42b303f29653dea4e4cd3339ffa6c4c5be3aa0d7b62cff3773b49b7705c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\baaa42b303f29653dea4e4cd3339ffa6c4c5be3aa0d7b62cff3773b49b7705c4.dll,#1
  2⤵
  PID:3600

memory/3600-133-0x0000000065190000-0x00000000651A8000-memory.dmp

Filesize
96KB

Download