ab00a7f4e6502239dab384dfb1d0f47b3e5ec863733a051b5e6c254fbfaef79e

Analysis

max time kernel
169s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 12:07

Target

ab00a7f4e6502239dab384dfb1d0f47b3e5ec863733a051b5e6c254fbfaef79e.dll
Size

160KB
MD5

2e33948772a24ee664723a3df3facc40
SHA1

3a64baeb18d9ce49451e4d1e9280cb0b62564169
SHA256

ab00a7f4e6502239dab384dfb1d0f47b3e5ec863733a051b5e6c254fbfaef79e
SHA512

87ba72fec494464e0305bc23ee26d4581487ac94b503b9c75c9cb94cf526e782c372bccbb215c49c22666f349ac268f1001047cb88ef6faf6edb5e8afae2af6a
SSDEEP

3072:sk4NwyLv/ENXtvFsXQpvfbxPzAm5+YH+7esrVAa:sk428yVjxPz55+YHODSa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 4916	1636	rundll32.exe	81
PID 1636 wrote to memory of 4916	1636	rundll32.exe	81
PID 1636 wrote to memory of 4916	1636	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab00a7f4e6502239dab384dfb1d0f47b3e5ec863733a051b5e6c254fbfaef79e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab00a7f4e6502239dab384dfb1d0f47b3e5ec863733a051b5e6c254fbfaef79e.dll,#1
  2⤵
  PID:4916

memory/4916-133-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download