85a542f1b064683d00b9b9b743af5dda09106ea0abdb5bfc0b3fbcdfce872728

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 22:40

Target

85a542f1b064683d00b9b9b743af5dda09106ea0abdb5bfc0b3fbcdfce872728.dll
Size

580KB
MD5

76aa18b26060d4e71c830077e369e919
SHA1

3346ed6a41f52141d0efa862a08e928a2209a719
SHA256

85a542f1b064683d00b9b9b743af5dda09106ea0abdb5bfc0b3fbcdfce872728
SHA512

c6e82c52e6b3ac8f0b016d5221e6fdf4b40b2ea4a57d0aaa54f7de2150eb65b2bea5abd4d3d2fdddf4781bcc8dc666a68bb2da1c66a3272c2e0b4faa5e44811e
SSDEEP

12288:yE65z+PpsmeHONkYzDKMAEa6SMw/hypYA//GO:A+/zXAEa67wopYWGO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4944	4984	rundll32.exe	84
PID 4984 wrote to memory of 4944	4984	rundll32.exe	84
PID 4984 wrote to memory of 4944	4984	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85a542f1b064683d00b9b9b743af5dda09106ea0abdb5bfc0b3fbcdfce872728.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85a542f1b064683d00b9b9b743af5dda09106ea0abdb5bfc0b3fbcdfce872728.dll,#1
  2⤵
  PID:4944

memory/4944-132-0x0000000000000000-mapping.dmp

Download
memory/4944-133-0x0000000060980000-0x0000000060A12000-memory.dmp

Filesize
584KB

Download