af0c19ab7c3a74596cf1052ce44769ad3899c54e2bd87a2a72f534b62ee55a86

Analysis

max time kernel
131s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 16:52

Target

af0c19ab7c3a74596cf1052ce44769ad3899c54e2bd87a2a72f534b62ee55a86.dll
Size

85KB
MD5

76bbe623405e07942a9df5146b266485
SHA1

1bbc606522a3b1087ecc23233d5785e873745f6c
SHA256

af0c19ab7c3a74596cf1052ce44769ad3899c54e2bd87a2a72f534b62ee55a86
SHA512

914663fd278b8d4d215fd68ae8d805d74b4d0693057df4bcc4a511ce4a3bb9cf7e29ba196c97c45d2a63cf5a7deb81db1288bfc485e8ac1ac13bbe571cd77e65
SSDEEP

1536:0pstl9F0gv/r7r2ZlWuU1jaNCJwWsER5SnSUwi6O5fS:0OtFNv/r7r0lBU1jRvs+SSUwi6OxS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 1948	728	rundll32.exe	82
PID 728 wrote to memory of 1948	728	rundll32.exe	82
PID 728 wrote to memory of 1948	728	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af0c19ab7c3a74596cf1052ce44769ad3899c54e2bd87a2a72f534b62ee55a86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af0c19ab7c3a74596cf1052ce44769ad3899c54e2bd87a2a72f534b62ee55a86.dll,#1
  2⤵
  PID:1948

memory/1948-132-0x0000000000000000-mapping.dmp

Download
memory/1948-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download