256b8a7be341e7450f495411a786045767b724e66ef5e241722ef2147fc3deb5

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 20:34

Target

256b8a7be341e7450f495411a786045767b724e66ef5e241722ef2147fc3deb5.dll
Size

141KB
MD5

96518a2353809eb7edecec16ef33626a
SHA1

62798b0fdea8f9d3a2f6eb33c8a932fe505c5315
SHA256

256b8a7be341e7450f495411a786045767b724e66ef5e241722ef2147fc3deb5
SHA512

1ab7c75c8609a44e5a00be01a7115389082bfbd5e78313bae4565fac6f2052d2a0c05601bfb9ecf30c0caa48df14ad1ed7c94a3b99e431bd9554c62ce3ba5762
SSDEEP

1536:bZI+zIzIjkuvfZ/Auwf/69bSpA02Aa7Y6ivYRw7GL5VW5Mubptk6gn1tCM:bZTc8xvfGX+R7zFRw7E6wt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 1332	4616	rundll32.exe	83
PID 4616 wrote to memory of 1332	4616	rundll32.exe	83
PID 4616 wrote to memory of 1332	4616	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\256b8a7be341e7450f495411a786045767b724e66ef5e241722ef2147fc3deb5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\256b8a7be341e7450f495411a786045767b724e66ef5e241722ef2147fc3deb5.dll,#1
  2⤵
  PID:1332

memory/1332-133-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download