a74b1b2d211802173a3806c145ef1153aee240055fc5da8080650de5936b869d

Analysis

max time kernel
136s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2022 15:01

Target

a74b1b2d211802173a3806c145ef1153aee240055fc5da8080650de5936b869d.dll
Size

16KB
MD5

91956382ad34a32f9331621a96d6a4cc
SHA1

01e0d37d1a70ad328976d7fbef7403c9aa4f3922
SHA256

a74b1b2d211802173a3806c145ef1153aee240055fc5da8080650de5936b869d
SHA512

21dddeb4cdc36778c12810d52ed4d37bb157f9205ec7a5de8a85874bf724841844a950a48b5b767ca08c94dd77d82360cc6ab629f22710311507cbf84b0aa2cc
SSDEEP

384:LtT0SWA7/GXmpUNn4iRZhAG4WvYwUmztjbRKK:JT0qmznB6rwUmRvRb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4552	4424	rundll32.exe	82
PID 4424 wrote to memory of 4552	4424	rundll32.exe	82
PID 4424 wrote to memory of 4552	4424	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74b1b2d211802173a3806c145ef1153aee240055fc5da8080650de5936b869d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74b1b2d211802173a3806c145ef1153aee240055fc5da8080650de5936b869d.dll,#1
  2⤵
  PID:4552

memory/4552-132-0x0000000000000000-mapping.dmp

Download
memory/4552-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4552-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download