814dd13b8ade3cbdc6d84c3224b8718f8f44b7f2f6b8212311013a244690a170

Analysis

max time kernel
91s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 08:48

Target

814dd13b8ade3cbdc6d84c3224b8718f8f44b7f2f6b8212311013a244690a170.dll
Size

17KB
MD5

a298f0d9b5161ded52aa0acf82203f83
SHA1

dff349beaddb858269c75d56fd84ccec2364eb5b
SHA256

814dd13b8ade3cbdc6d84c3224b8718f8f44b7f2f6b8212311013a244690a170
SHA512

d16bed921411c51b8bb06f9ce97893e82b5c1b2a10fc53d7ab052b5595bb22f3c1732ac2d08840504f7a3b0f3b10c53f05398c85c07cbd994ca4eb3e072c2c9e
SSDEEP

384:pkyjfAjBeQoPUqsbZZ/FWpnUcxNACB4jcETUFbrdsn:pioLbyF0UcbUTUS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 5044	4924	rundll32.exe	81
PID 4924 wrote to memory of 5044	4924	rundll32.exe	81
PID 4924 wrote to memory of 5044	4924	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\814dd13b8ade3cbdc6d84c3224b8718f8f44b7f2f6b8212311013a244690a170.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\814dd13b8ade3cbdc6d84c3224b8718f8f44b7f2f6b8212311013a244690a170.dll,#1
  2⤵
  PID:5044

memory/5044-133-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download