5413e8e06cfef77d8acf1c0b683a6710e6629976e37876c572d9f492929f84ef

Analysis

max time kernel
91s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 08:53

Target

5413e8e06cfef77d8acf1c0b683a6710e6629976e37876c572d9f492929f84ef.dll
Size

177KB
MD5

21b5b8267e0b23e173222ac4dab44e50
SHA1

4eff62f127a0a7569446e31ea3c8f2f105c37309
SHA256

5413e8e06cfef77d8acf1c0b683a6710e6629976e37876c572d9f492929f84ef
SHA512

4bfdc65f3c523ed43ce6e35fa39652a01c95ad9a994644f2d56940f349eb7d8699a37141171bcedd113a7857bdca67fb3bd7b4fe5703961988efb49459badd31
SSDEEP

3072:BMSyxvfGYK4t//NCGcwdSfNcnxZvZB57:WSQftKC/V9bwfNcnrz5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3852	4864	rundll32.exe	80
PID 4864 wrote to memory of 3852	4864	rundll32.exe	80
PID 4864 wrote to memory of 3852	4864	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5413e8e06cfef77d8acf1c0b683a6710e6629976e37876c572d9f492929f84ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5413e8e06cfef77d8acf1c0b683a6710e6629976e37876c572d9f492929f84ef.dll,#1
  2⤵
  PID:3852

memory/3852-133-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download