5462d77635b12499656c68216ee273eabf0297bb39ee315c02c2036c4dda658d

Analysis

max time kernel
90s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 16:34

Target

5462d77635b12499656c68216ee273eabf0297bb39ee315c02c2036c4dda658d.dll
Size

97KB
MD5

4769b9a5c44afc23f031844e63414a0c
SHA1

13e69fb7c454b15de8fc9f7e2098236550a0c9d9
SHA256

5462d77635b12499656c68216ee273eabf0297bb39ee315c02c2036c4dda658d
SHA512

9acb11acc01bb680905a7eeb479e5b16bf79e3f30419dbebb61be9d00b251c02fdff441e24ae517ff433054d5b716adcc76535d8e29c652fb5b1b9c972c75760
SSDEEP

1536:0pstl9F0gv/r7r2Z+DjaYxnUQbPsjycFftMJReaSsFPmzmW+Lkphp:0OtFNv/r7r0+tijZFmJReaSsFeKWgohp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 3956	3856	rundll32.exe	81
PID 3856 wrote to memory of 3956	3856	rundll32.exe	81
PID 3856 wrote to memory of 3956	3856	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5462d77635b12499656c68216ee273eabf0297bb39ee315c02c2036c4dda658d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5462d77635b12499656c68216ee273eabf0297bb39ee315c02c2036c4dda658d.dll,#1
  2⤵
  PID:3956

memory/3956-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download