4ebbcfe4d6aeff1bd4cdccd76cd8b8172ab4c1501277a85a847a2a4c7d217ae8

Analysis

max time kernel
98s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 22:43

Target

4ebbcfe4d6aeff1bd4cdccd76cd8b8172ab4c1501277a85a847a2a4c7d217ae8.dll
Size

465KB
MD5

63c5f99af4ad0fa9e660675a5b57f190
SHA1

b74f751f7e3e801477fa9447627fdf08c7ce9c4b
SHA256

4ebbcfe4d6aeff1bd4cdccd76cd8b8172ab4c1501277a85a847a2a4c7d217ae8
SHA512

299f09cb688c68db197ddcd654c4761b9831a909fbba42066bb8629eb0dca614dd84de5fb44bf4814825b381c0e69e8b9f015b4dd3c52db675c47179c4b97ba4
SSDEEP

3072:qyFrUKDOWlbJIYnwfph05UJHoEAXc0ZbOpTrzux6n62/y+WBwl51G5+nzsZ1MPIQ:FUvQbxwpaXc0JOpThn6ouwl51tnzMq1t

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 3060	4896	rundll32.exe	81
PID 4896 wrote to memory of 3060	4896	rundll32.exe	81
PID 4896 wrote to memory of 3060	4896	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ebbcfe4d6aeff1bd4cdccd76cd8b8172ab4c1501277a85a847a2a4c7d217ae8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ebbcfe4d6aeff1bd4cdccd76cd8b8172ab4c1501277a85a847a2a4c7d217ae8.dll,#1
  2⤵
  PID:3060

memory/3060-133-0x0000000010000000-0x0000000010079000-memory.dmp

Filesize
484KB

Download