fef3c0f350e173d391422ea70aff19ba6d969286e9162e6a29e9eb293e908718

Analysis

max time kernel
32s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2022 05:30

Target

fef3c0f350e173d391422ea70aff19ba6d969286e9162e6a29e9eb293e908718.dll
Size

1.8MB
MD5

54d99fb64d17a2299b9486e1af1e9bb8
SHA1

ca1a76c2a7a778c5bdbd05d3feb76400e2d27990
SHA256

fef3c0f350e173d391422ea70aff19ba6d969286e9162e6a29e9eb293e908718
SHA512

5c1bee930ce14c18cf06fb086a62185e50327c2e39eabceab17b6372b62a0428258109b2ee8c1ef65b442933400d8f37b23f08e265b67297f27d3d81a5307f92
SSDEEP

49152:F7hwGWVLxLj/az2oC/ndfWztB0F3kxOJp:F7hexdCzOVQfLOJp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 832	2064	rundll32.exe	76
PID 2064 wrote to memory of 832	2064	rundll32.exe	76
PID 2064 wrote to memory of 832	2064	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef3c0f350e173d391422ea70aff19ba6d969286e9162e6a29e9eb293e908718.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef3c0f350e173d391422ea70aff19ba6d969286e9162e6a29e9eb293e908718.dll,#1
  2⤵
  PID:832

memory/832-132-0x0000000000000000-mapping.dmp

Download
memory/832-133-0x0000000002910000-0x0000000002AD7000-memory.dmp

Filesize
1.8MB

Download
memory/832-135-0x0000000002F80000-0x0000000003087000-memory.dmp

Filesize
1.0MB

Download
memory/832-134-0x0000000002D60000-0x0000000002E66000-memory.dmp

Filesize
1.0MB

Download
memory/832-136-0x0000000003090000-0x000000000315B000-memory.dmp

Filesize
812KB

Download
memory/832-137-0x0000000003160000-0x0000000003218000-memory.dmp

Filesize
736KB

Download
memory/832-140-0x0000000002F80000-0x0000000003087000-memory.dmp

Filesize
1.0MB

Download