fb0303cd22b9fe3fc7eedd84e8d9f7ec8bc2f749504732c6d332d143874b8d7b

Analysis

max time kernel
38s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 04:12

Target

fb0303cd22b9fe3fc7eedd84e8d9f7ec8bc2f749504732c6d332d143874b8d7b.dll
Size

92KB
MD5

f2c68447f9b5d17e772fda9262ffc38c
SHA1

5422fc0974806fae49974ca78c0a1f8e950aceab
SHA256

fb0303cd22b9fe3fc7eedd84e8d9f7ec8bc2f749504732c6d332d143874b8d7b
SHA512

4d897c636bf4e3180c1551dbedc98186dd9cadfab5672286a99db299f34c2daf122acd618cc6912d9fa5ad33a954e39885fa0f20adba678507cb050c61615589
SSDEEP

1536:md/EkEXX7Kk0fBcloCJxk3Ji34y6699hpLuAY0psVMzBnhjO05Cie:iLWX0D3cnb95ur0yWz7K7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 944	2400	rundll32.exe	13
PID 2400 wrote to memory of 944	2400	rundll32.exe	13
PID 2400 wrote to memory of 944	2400	rundll32.exe	13

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb0303cd22b9fe3fc7eedd84e8d9f7ec8bc2f749504732c6d332d143874b8d7b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb0303cd22b9fe3fc7eedd84e8d9f7ec8bc2f749504732c6d332d143874b8d7b.dll,#1
  2⤵
  PID:944

memory/944-133-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/944-134-0x0000000002341000-0x000000000234F000-memory.dmp

Filesize
56KB

Download