1551ceca958adf7b1de0c1cab0378e865936c6b8973adb3ba3ba034ff0106447

Analysis

max time kernel
100s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 21:05

Target

1551ceca958adf7b1de0c1cab0378e865936c6b8973adb3ba3ba034ff0106447.dll
Size

51KB
MD5

a0da8f1d35db38166ae893494412e936
SHA1

0cb7c8cdcaf88fc07d5ec050cabe6e351a60450b
SHA256

1551ceca958adf7b1de0c1cab0378e865936c6b8973adb3ba3ba034ff0106447
SHA512

eb18122c0a4cc7e5a6c7ef4c645e5d181cb01be88389d21d3aca35ce5ad1ade0c1fda68c2b45140e523e3ed7cd144c330d59c14d180865bb05e73ec91da5d5ce
SSDEEP

768:RTo1RoryxXL5m9h3+tFlAFL+RogMqOBSzfj/mVf8OYP1PaffYwTe4P1oBs:RORlXA9hgAF6RogMCfjmCOYPEfYR0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2244	2384	rundll32.exe	78
PID 2384 wrote to memory of 2244	2384	rundll32.exe	78
PID 2384 wrote to memory of 2244	2384	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1551ceca958adf7b1de0c1cab0378e865936c6b8973adb3ba3ba034ff0106447.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1551ceca958adf7b1de0c1cab0378e865936c6b8973adb3ba3ba034ff0106447.dll,#1
  2⤵
  PID:2244

memory/2244-132-0x0000000000000000-mapping.dmp

Download
memory/2244-133-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download