d4551d93206d664167c2948c409f50fb98a2cfa4f9bb4e73a7bde4d69baf5c07

Analysis

max time kernel
116s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 11:59

Target

d4551d93206d664167c2948c409f50fb98a2cfa4f9bb4e73a7bde4d69baf5c07.dll
Size

151KB
MD5

a360c715f1164ad43872dd26b0e36c1b
SHA1

243d80c4dc3a09a35d4c84fb95e8275f4f0be94f
SHA256

d4551d93206d664167c2948c409f50fb98a2cfa4f9bb4e73a7bde4d69baf5c07
SHA512

6f5e4ce65b6c59eab7d0b3238f487837014017b3899526db33b0456af4b3a2951b4952c4fddb5f1df794268aa225fd8926e6ff7df2294258497e31e1c8e9b361
SSDEEP

1536:kIsIwXI2IuIJkuvfZ/AuwtICVmG04D6OFcK5vcZSFCtluRR3u5xUSTP:k7ZFNyxvfGx04iK5yy9u5x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 5060	2280	rundll32.exe	83
PID 2280 wrote to memory of 5060	2280	rundll32.exe	83
PID 2280 wrote to memory of 5060	2280	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4551d93206d664167c2948c409f50fb98a2cfa4f9bb4e73a7bde4d69baf5c07.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4551d93206d664167c2948c409f50fb98a2cfa4f9bb4e73a7bde4d69baf5c07.dll,#1
  2⤵
  PID:5060

memory/5060-133-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download