22145bf41deb431c76c40d833fb75060220ad085b6808dcc0e34adaaf7dbe29d

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 14:46

Target

22145bf41deb431c76c40d833fb75060220ad085b6808dcc0e34adaaf7dbe29d.dll
Size

10KB
MD5

7846c52aac8c1587bc2811b35b72e2c3
SHA1

caf077c292db29eff57831b8a7d24cb00bcd1da8
SHA256

22145bf41deb431c76c40d833fb75060220ad085b6808dcc0e34adaaf7dbe29d
SHA512

2a79c0889f5a1a28f2fc4603b8a25694a12097872ef7f59b0a5f69a2cf9daa1dfd951f53f4aecd08777db2196cdc157e322e00c6c7131a76cc1d8785f4a383ef
SSDEEP

192:qDLw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b:kldHad/N20IypWak8dWiWak8EdW7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 3080	2412	rundll32.exe	75
PID 2412 wrote to memory of 3080	2412	rundll32.exe	75
PID 2412 wrote to memory of 3080	2412	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22145bf41deb431c76c40d833fb75060220ad085b6808dcc0e34adaaf7dbe29d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22145bf41deb431c76c40d833fb75060220ad085b6808dcc0e34adaaf7dbe29d.dll,#1
  2⤵
  PID:3080

memory/3080-133-0x000000006D991000-0x000000006D993000-memory.dmp

Filesize
8KB

Download